Joomla YJ Live Search module extension version 2.0 suffers from a remote SQL injection vulnerability.
2308452a3e243192e49d275a10278708b0d18850979ce947230cebba7b72d18f################################################
#Title: Joomla YJ Live Search Module 2.0 SQL Injection / Cross Site
Scripting
#Credit: Bilal KARDADOU
#Vendor: https://www.youjoomla.com
#URL:
https://www.youjoomla.com/joomla-extensions/yj-live-search-joomla-live-search-module.html
#Product: 'Joomla YJ Live Search Module 2.0'
#Extension type: Module
#Compatibility: J1.5-J1.7-J2.5-J3.X
#Extension type: Module
#Google Dork: inurl:"/modules/mod_yj_live_search/"
################################################
#
# Description:
# Still looking for perfect Joomla search module? We are happy to say that
your can stop looking and get your copy of YJ Live Search module. Available
in native #versions for both Joomla! , YJLS will amaze your visitors with
easy live search functions and is completely customizable trough its own
CSS file.
#
# This live search modules is available for any current Joomla! version.
#
# GET -p [value]
#
https://127.0.0.1/joomla/modules/mod_yj_live_search/customfeeds/feed.php?search=a[SQLI-XSS]&page=1
#
#
# PoC:
# https://prnt.sc/hskd2h
# https://prnt.sc/hskdbt
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed