CVE-2018-6396 PoC — Joomla! Google Map Landkarten SQL注入漏洞

Source

Associated Vulnerability

Description

Joomla - Component Google Map Landkarten <= 4.2.3 - SQL Injection

Readme

# Joomla-CVE-2018-6396
## Joomla! Component Google Map Landkarten <= 4.2.3 - SQL Injection
**Date:** 03/03/2018

**Vendor Homepage:** [http://www.joomla-24.de/](http://www.joomla-24.de/)

**Software Link:** [https://extensions.joomla.org/extensions/extension/maps-a-weather/maps-a-locations/google-map-landkarten/](https://extensions.joomla.org/extensions/extension/maps-a-weather/maps-a-locations/google-map-landkarten/)

**Version:** <= 4.2.3

**Tested on:** KaLi Linux 2018.1

**CVE:** [CVE-2018-6396](https://www.certsi.es/en/early-warning/vulnerabilities/cve-2018-6396)

**Discovered by:** [Ihsan Sencan](https://twitter.com/ihsansencan)

**Exploit by:** [Javier Olmedo](https://twitter.com/jjavierolmedo)
## HOW TO USE?
Clone this repository
```
git clone https://github.com/JJavierOlmedo/joomla-cve-2018-6396.git
```
Go to local repository
```
cd joomla-cve-2018-6396
```
Change the access permissions
```
sudo chmod +x joomla-cve-2018-6396.py
```
Launch attack!!
```
python3 joomla-cve-2018-6396.py -u <TARGET>
```
## PoC
![cve-2018-6396](https://hackpuntes.com/wp-content/uploads/2018/03/cve-2018-6396.gif)

File Snapshot

 [4.0K]  /data/pocs/844597a4c4f4d999904fc2cdc46acafdbcca17d7
├── [6.3K]  joomla-cve-2018-6396.py
└── [1.1K]  README.md

0 directories, 2 files

Remarks