Joomla YouBumpit 2.0 SQL Injection

Joomla YouBumpit extension version 2.0 suffers from a remote SQL injection vulnerability.


MD5 | 04bc849e014cee5a22b5be33621cc2a0

################################################
#Title: Joomla YouBumpit Extension 2.0 SQL Injection
#Credit: Bilal KARDADOU
#Vendor: http://www.youjoomla.com
#URL: http://extensions.youjoomla.info/youbumpit-extension.html
#Product: 'Joomla YouBumpit Extension 2.0'
#Extension type: Plugin
#Compatibility: J1.5 J1.7 J2.5 J3.X
#Google Dork: inurl:"/plugins/content/yj_bumpit/"
################################################
#
# Description:
# Bump Bump and bump some more! How many times have you wished to have
extensions that can let your users vote for articles.
# Stop your search and get your own Youbumpit plugin. It has
everything you need to spice up your stories and website.
# This extension also comes with YouBumpit module that will list
latest bumped articles from Joomla or K2.
#
# GET -p [yj_vote]
#
http://127.0.0.1/youbumpit/plugins/content/yj_bumpit/yj_bumpit.php?yj_vote=112[SQL]&component=joomla_content&yj_time=1471524081
#
#
# PoC:
# https://prnt.sc/hsueit
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################

Related Posts

Comments