Joomla YouBumpit extension version 2.0 suffers from a remote SQL injection vulnerability.
42dac2f80fd0059aa28118bf8c7611ff165f7a726068f85714c1a3da1711fc61################################################
#Title: Joomla YouBumpit Extension 2.0 SQL Injection
#Credit: Bilal KARDADOU
#Vendor: http://www.youjoomla.com
#URL: http://extensions.youjoomla.info/youbumpit-extension.html
#Product: 'Joomla YouBumpit Extension 2.0'
#Extension type: Plugin
#Compatibility: J1.5 J1.7 J2.5 J3.X
#Google Dork: inurl:"/plugins/content/yj_bumpit/"
################################################
#
# Description:
# Bump Bump and bump some more! How many times have you wished to have
extensions that can let your users vote for articles.
# Stop your search and get your own Youbumpit plugin. It has
everything you need to spice up your stories and website.
# This extension also comes with YouBumpit module that will list
latest bumped articles from Joomla or K2.
#
# GET -p [yj_vote]
#
http://127.0.0.1/youbumpit/plugins/content/yj_bumpit/yj_bumpit.php?yj_vote=112[SQL]&component=joomla_content&yj_time=1471524081
#
#
# PoC:
# https://prnt.sc/hsueit
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed