NSE for CVE-2017-8917 #916

wongwaituck · Jun 22, 2017

An SQL injection vulnerability exists in Joomla! versions 3.7.x before 3.7.1, which allows unauthenticated users to execute arbitrary SQL commands. I wanted to write an SQLi related script to see how it can be integrated into a library, hence this script was written.

This script checks if the com_fields is injectable by running the information function user(). If the username and hostname is returned, website is vulnerable.

A video of the script in action can be found here.

sophron · Jun 22, 2017

Maybe reduce to one space?

Done

wongwaituck added some commits Jun 20, 2017

wongwaituck added http-cve-2017-8917 script dbd54c2

wongwaituck completed cve2017-8917 script 8bfc0de

wongwaituck added some commits Jun 22, 2017

wongwaituck reduced space; changed to intrusive 464e8cf

wongwaituck fixed typo in description

f35df82

nmap-bot closed this in 5096438 Jun 26, 2017

nmap/nmap

NSE for CVE-2017-8917 #916

wongwaituck commented Jun 22, 2017

wongwaituck added some commits Jun 20, 2017

sophron commented on `scripts/http-vuln-cve2017-8917.nse` in `8bfc0de` Jun 22, 2017

wongwaituck replied Jun 22, 2017

wongwaituck added some commits Jun 22, 2017

nmap-bot closed this in `5096438` Jun 26, 2017

nmap/nmap

Join GitHub today

NSE for CVE-2017-8917 #916

Conversation

wongwaituck commented Jun 22, 2017

wongwaituck added some commits Jun 20, 2017

sophron commented on scripts/http-vuln-cve2017-8917.nse in 8bfc0de Jun 22, 2017

wongwaituck replied Jun 22, 2017

wongwaituck added some commits Jun 22, 2017

nmap-bot closed this in 5096438 Jun 26, 2017

sophron commented on `scripts/http-vuln-cve2017-8917.nse` in `8bfc0de` Jun 22, 2017

nmap-bot closed this in `5096438` Jun 26, 2017