CVE-2017-8917

This is a functional SQL injection exploit for Joomla! 3.7.0, leveraging the CVE-2017-8917 vulnerability in the com_fields component. It extracts CSRF tokens, performs blind SQLi to dump table names, user credentials, and session data.

This script automates the detection of SQL injection in Joomla 3.7.0 (CVE-2017-8917) by leveraging the ZoomEye API to scan for vulnerable targets. It exploits an XPath syntax error to confirm the presence of the vulnerability.

This is a functional exploit for CVE-2017-8917, an error-based SQL injection vulnerability in Joomla 3.7.0. It automates the extraction of database names, table names, and user credentials by leveraging MySQL error messages.

This is a Python script that exploits CVE-2017-8917, a SQL injection vulnerability in Joomla! 3.7.0. It automates the extraction of database information by leveraging the vulnerable 'com_fields' component.

This repository contains a functional Perl script that exploits a SQL injection vulnerability in Joomla! 3.7.0 via the 'com_fields' component. The exploit sends a crafted HTTP request to trigger the vulnerability and checks for a specific response to determine if the target is vulnerable.

This repository contains a functional proof-of-concept exploit for CVE-2017-8917, a SQL injection vulnerability in Joomla's `com_fields` component. The exploit uses error-based SQL injection to extract data from the database, including version, database name, tables, and rows.

This repository contains a functional Perl script that exploits a SQL injection vulnerability in Joomla! 3.7.0 via the 'com_fields' component. The exploit sends a crafted HTTP GET request with a malicious payload to trigger the vulnerability and checks the response for signs of successful exploitation.

This repository contains a Python-based exploit for CVE-2017-8917, a SQL injection vulnerability in Joomla 3.7.0. The exploit automates the extraction of user credentials and session data by leveraging blind SQLi techniques.

This repository contains a writeup for CVE-2017-8917, a Joomla vulnerability, described in Romanian for educational purposes. No exploit code is provided.

This repository is a stub for CVE-2017-8917, referencing a vulnerable Joomla docker container managed by the Cved tool. It contains no exploit code or technical details.

This is a functional exploit for CVE-2017-8917, targeting Joomla 3.7.0's 'com_fields' SQL injection vulnerability. It extracts database information, user credentials, and other sensitive data using SQLi techniques.

This is a functional exploit for CVE-2017-8917, targeting Joomla 3.7.0 with an SQL injection vulnerability in the 'com_fields' component. It extracts user credentials via error-based injection using MySQL's UpdateXML function.

This PoC exploits a SQL injection vulnerability in Joomla 3.7.0 via the 'com_fields' component. It extracts sensitive information such as database prefix, user credentials, and database metadata using blind SQL injection techniques.

This exploit demonstrates a SQL injection vulnerability in Joomla 3.7.0 via the `list[fullordering]` parameter. It includes payloads for boolean-based blind, error-based, and time-based blind SQL injection techniques.

This Metasploit module exploits a SQL injection vulnerability in Joomla's com_fields component (CVE-2017-8917) to achieve remote code execution by hijacking an admin session, creating a malicious PHP file, and injecting payload data.

This Metasploit module exploits a SQL injection vulnerability in Joomla's com_fields component (CVE-2017-8917) to extract session cookies, authenticate as an administrator, and upload a malicious PHP file for remote code execution.