Joomla Spider Form Maker versions 3.4 and below suffer from a remote SQL injection vulnerability.
5c25d9bbb458923098a56f057354dcfed35e345f3b132afb9cfcd72b197098bc######################
# Exploit Title : Joomla Spider Form Maker <= 3.4 SQL Injection
# Exploit Author : Claudio Viviani
# Vendor Homepage : http://web-dorado.com/
# Software Link : http://web-dorado.com/products/joomla-form.html
# Dork Google: inurl:com_formmaker
# Date : 2014-09-07
# Tested on : Windows 7 / Mozilla Firefox
# Linux / Mozilla Firefox
######################
# PoC Exploit:
http://localhost/index.php?option=com_formmaker&view=formmaker&id=[SQLi]
"id" variable is not sanitized.
######################
# Vulnerability Disclosure Timeline:
2014-09-07: Discovered vulnerability
2014-09-09: Vendor Notification
2014-09-10: Vendor Response/Feedback
2014-09-10: Vendor Fix/Patch
2014-09-10: Public Disclosure
#####################
Discovered By : Claudio Viviani
http://www.homelab.it
info@homelab.it
homelabit@protonmail.ch
https://www.facebook.com/homelabit
https://twitter.com/homelabit
https://plus.google.com/+HomelabIt1/
https://www.youtube.com/channel/UCqqmSdMqf_exicCe_DjlBww
#####################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed