Joomla Component BF Quiz SQL Injection Exploit released

Today I am releasing my Joomla Component BF Quiz SQL Injection Exploit. It exploits a vulnerability within the Joomla component BF Quiz I found a few hours ago.

Please click here to download the Python sploit.

Usage example:
python joomla_com_bfquiz_sploit.py – u “http://target/index.php?option=com_bfquiztrial&view=bfquiztrial&catid=34”

Features:
– Check if the provided URL is reachable
– Display current database, MySQL user and the MySQL version
– Display the password hash of the Joomla administrator

Screenshot:

Joomla Component BF Quiz SQL Injection Exploit

Additional information
Only attack targets you are allowed to attack (e.g. your own website or a customer’s website for penetration testing). I am not responsible if you cause any damage or do bad things! Know and respect your local laws!