CVE-2018-6396 PoC — Joomla! Google Map Landkarten SQL注入漏洞

Source

https://github.com/JavierOlmedo/joomla-cve-2018-6396

Associated Vulnerability

Title:Joomla! Google Map Landkarten SQL注入漏洞 (CVE-2018-6396)
Description:SQL Injection exists in the Google Map Landkarten through 4.2.3 component for Joomla! via the cid or id parameter in a layout=form_markers action, or the map parameter in a layout=default action.

Description

Joomla - Component Google Map Landkarten <= 4.2.3 - SQL Injection

Readme

# Joomla-CVE-2018-6396
## Joomla! Component Google Map Landkarten <= 4.2.3 - SQL Injection
**Date:** 03/03/2018

**Vendor Homepage:** [http://www.joomla-24.de/](http://www.joomla-24.de/)

**Software Link:** [https://extensions.joomla.org/extensions/extension/maps-a-weather/maps-a-locations/google-map-landkarten/](https://extensions.joomla.org/extensions/extension/maps-a-weather/maps-a-locations/google-map-landkarten/)

**Version:** <= 4.2.3

**Tested on:** KaLi Linux 2018.1

**CVE:** [CVE-2018-6396](https://www.certsi.es/en/early-warning/vulnerabilities/cve-2018-6396)

**Discovered by:** [Ihsan Sencan](https://twitter.com/ihsansencan)

**Exploit by:** [Javier Olmedo](https://twitter.com/jjavierolmedo)
## HOW TO USE?
Clone this repository
```
git clone https://github.com/JJavierOlmedo/joomla-cve-2018-6396.git
```
Go to local repository
```
cd joomla-cve-2018-6396
```
Change the access permissions
```
sudo chmod +x joomla-cve-2018-6396.py
```
Launch attack!!
```
python3 joomla-cve-2018-6396.py -u <TARGET>
```
## PoC
![cve-2018-6396](https://hackpuntes.com/wp-content/uploads/2018/03/cve-2018-6396.gif)

File Snapshot

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →

Goal Reached Thanks to every supporter — we hit 100%!