Exploit Title
- Joomla 3.2 to 3.4.4 Remote SQL Injection Mass Exploit
Date
- 25-10-2015
Requirements
- Python 3.4.x , Requests module (python -m pip install requests)
Vulnerable Version
- https://github.com/joomla/joomla-cms/releases/download/3.4.4/Joomla_3.4.4-Stable-Full_Package.zip
Vulnerability found by
- trustwave.com
Exploit Author
- Mukarram Khalid
Home Page
- mukarramkhalid.com
Tested on
- Windows 8.1 / Ubuntu 14.04
CVE
- CVE-2015-7297, CVE-2015-7857 and CVE-2015-7858
Blog Post
- https://mukarramkhalid.com/mass-exploit-joomla-3-2-to-3-4-sql-injection/
Read the blog post for some known issues.
Change Google Dork at line 106.
