Joomla Component BF Quiz SQL Injection Exploit

Joomla Component BF Quiz SQL Injection Exploit released

Today I am releasing my Joomla Component BF Quiz SQL Injection Exploit. It exploits a vulnerability within the Joomla component BF Quiz I found a few hours ago. Please click here to download the Python sploit.

Usage example:

python joomla_com_bfquiz_sploit.py -u "http://target/index.php?option=com_bfquiztrial&view=bfquiztrial&catid=34"

Features:
- Check if the provided URL is reachable
- Display current database, […]

Joomla Component BF Quiz SQL Injection Vulnerability

Please view the original advisory here. The Joomla Component BF Quiz fails to sanitize the input passed through the parameter "catid". Therefore the software is exposed to SQL injection attacks. I found this vulnerability while testing my new self-coded SQL injection vulnerability scanner (will be released soon). When I first had a look at this […]