Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

NSE for CVE-2017-8917 #916

wants to merge 4 commits into


None yet
2 participants

wongwaituck commented Jun 22, 2017

An SQL injection vulnerability exists in Joomla! versions 3.7.x before 3.7.1, which allows unauthenticated users to execute arbitrary SQL commands. I wanted to write an SQLi related script to see how it can be integrated into a library, hence this script was written.

This script checks if the com_fields is injectable by running the information function user(). If the username and hostname is returned, website is vulnerable.

A video of the script in action can be found here.

Maybe reduce to one space?


wongwaituck replied Jun 22, 2017


@nmap-bot nmap-bot closed this in 5096438 Jun 26, 2017

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment