With this we get the following response (as you can see on the response we broke the SQL query):
Now we inject with our SQL query into the parameter filename:
And we get the response with the proof.
To replicate the issue go to:
Administration > Components > JNews > Queue > Search Field
Do a search and grab the request, the injection point is the parameter mailingsearch:
With this we get the following response (as you can see on the response we broke the SQL query):
Now we inject with our SQL query into the parameter mailingsearch:
And we get the response with the proof.
To replicate the issue go to:
Administration > Components > JNews > Subscribers > Search Field
Administration > Components > JNews > Newsletters > Search Field
Do a search and grab the request, the injection point is the parameter emailsearch:
With this we get the following response (as you can see on the response we broke the SQL query):
Now we inject with our SQL query into the parameter emailsearch:
And we get the response with the proof.