################################################ #Title: Joomla YJ Live Search Module 2.0 SQL Injection / Cross Site Scripting #Credit: Bilal KARDADOU #Vendor: http://www.youjoomla.com #URL: http://www.youjoomla.com/joomla-extensions/yj-live-search-joomla-live-search-module.html #Product: 'Joomla YJ Live Search Module 2.0' #Extension type: Module #Compatibility: J1.5-J1.7-J2.5-J3.X #Extension type: Module #Google Dork: inurl:"/modules/mod_yj_live_search/" ################################################ # # Description: # Still looking for perfect Joomla search module? We are happy to say that your can stop looking and get your copy of YJ Live Search module. Available in native #versions for both Joomla! , YJLS will amaze your visitors with easy live search functions and is completely customizable trough its own CSS file. # # This live search modules is available for any current Joomla! version. # # GET -p [value] # http://127.0.0.1/joomla/modules/mod_yj_live_search/customfeeds/feed.php?search=a[SQLI-XSS]&page=1 # # # PoC: # https://prnt.sc/hskd2h # https://prnt.sc/hskdbt # # Bilal KARDADOU - https://www.linkedin.com/in/kardadou/) ################################################