Joomla YJ Live Search 2.0 SQL Injection

Joomla YJ Live Search module extension version 2.0 suffers from a remote SQL injection vulnerability.


MD5 | 329f22b591a60d0b7446de5c42542abf

################################################
#Title: Joomla YJ Live Search Module 2.0 SQL Injection / Cross Site Scripting
#Credit: Bilal KARDADOU
#Vendor: http://www.youjoomla.com
#URL: http://www.youjoomla.com/joomla-extensions/yj-live-search-joomla-live-search-module.html
#Product: 'Joomla YJ Live Search Module 2.0'
#Extension type: Module
#Compatibility: J1.5-J1.7-J2.5-J3.X
#Google Dork: inurl:"/modules/mod_yj_live_search/"
################################################
#
# Description:
# Still looking for perfect Joomla search module? We are happy to say that
# you can stop looking and get your copy of YJ Live Search module. Available
# in native versions for both Joomla!, YJLS will amaze your visitors with
# easy live search functions and is completely customizable through its own
# CSS file.
#
# This live search module is available for any current Joomla! version.
#
# GET -p [value]
#
http://127.0.0.1/joomla/modules/mod_yj_live_search/customfeeds/feed.php?search=a[SQLI-XSS]&page=1
#
#
# PoC:
# https://prnt.sc/hskd2h
# https://prnt.sc/hskdbt
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/
################################################
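
For triage on a site running this module, the following added example (not part of the original advisory or the vendor's code) scans access-log lines for requests to the `feed.php` endpoint above whose `search` value contains SQL or HTML metacharacters. The log format, the heuristic pattern and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# Endpoint and parameter named in the advisory.
FEED_PATH = "/modules/mod_yj_live_search/customfeeds/feed.php"
PARAM = "search"
# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "\S+ (\S+) [^"]*" \d{3}')

# Heuristic (assumption): tokens a live-search term should not normally contain.
SUSPICIOUS = re.compile(
    r"['\"`;<>]|--|/\*|\bunion\s+select\b|\bsleep\s*\(|\bbenchmark\s*\(",
    re.IGNORECASE,
)

def fully_decode(value, rounds=3):
    """Undo repeated URL-encoding so a double-encoded quote is still seen."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def flag_requests(log_lines):
    """Return (client, timestamp, decoded search value) for suspicious hits."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        client, ts, target = m.groups()
        url = urlsplit(target)
        if not url.path.lower().endswith(FEED_PATH):
            continue
        # parse_qs decodes once; fully_decode handles any further layers.
        for raw in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            value = fully_decode(raw)
            if SUSPICIOUS.search(value):
                hits.append((client, ts, value))
    return hits

# Constructed sample log lines (documentation IP ranges, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:01:02 +0000] "GET /joomla/modules/mod_yj_live_search/customfeeds/feed.php?search=template&page=1 HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Jan/2024:10:01:09 +0000] "GET /joomla/modules/mod_yj_live_search/customfeeds/feed.php?search=a%27&page=1 HTTP/1.1" 200 0',
    '198.51.100.7 - - [01/Jan/2024:10:01:15 +0000] "GET /joomla/modules/mod_yj_live_search/customfeeds/feed.php?search=a%253Cb%253E&page=1 HTTP/1.1" 200 498',
    '203.0.113.5 - - [01/Jan/2024:10:02:00 +0000] "GET /index.php?search=a%27 HTTP/1.1" 200 900',
]
```

Call `flag_requests()` with the lines of a real access log; a hit is a lead for review, not proof of exploitation, since the pattern is a heuristic.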
