SQL inection on gdclive.nokia.com

Hi, this blog about SQL Injection in Nokia.com Allowed me to Dump all database

Full POC :

when I’m visiting this domain gdclive.nokia.com I’ve found something

First: this domain has been used an old version of Joomla CMS

let’s scan it using the joomscan tool for dumping all pieces of information about Joomla (plugins, version, etc..)

All results :

Joomla Version: 3.1
Plugins: JCK Editor (6.4.4)

searching for JCK Editor in exploit-db.com and I’ve found this exploit https://www.exploit-db.com/exploits/45423 let’s exploit it :D

Worked ..! you can see the version of the database :D

this is the time of SQLMAP Tool

$ sqlmap -u 'https://gdclive.nokia.com/plugins/editors/jckeditor/plugins/jtreelink/dialogs/links.php?extension=menu&view=menu&parent=' --level=5 --risk=3 --random-agent --technique=U -p parent --batch --current-db --current-user

you can see the current user and the name of the database :) After dumping all databases using the --all option and unencrypt the password of the admin account let’s login in admin panel

PWNED :D

You can see this video about this bug

Thanks ;0