DEV Community


SQL Injection on

Khaled Nassar
Web Developer | Part Time Bug Bounty Hunter - I use VIM btw -
・1 min read

Hi, this blog post is about a SQL injection in that allowed me to dump the whole database.

Full PoC:

When I visited this domain I found something.

First: this domain was running an old version of the Joomla CMS.

Let's scan it with the joomscan tool to dump all the information about the Joomla install (plugins, version, etc.).

All results :

Joomla Version : 3.1
Plugins : JCK Editor (6.4.4)

Searching for JCK Editor in
I found this exploit.
Let's exploit it :D

Worked..!
You can see the version of the database :D

Now it's time for the SQLMap tool:

$ sqlmap -u '' --level=5 --risk=3 --random-agent --technique=U -p parent --batch --current-db --current-user

You can see the current user and the name of the database :)
After dumping all databases with the --all option and recovering the admin account's password from the dump, let's log in to the admin panel.
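As an added example from the defender's side (not part of the original post): a sqlmap run like the one above sends many UNION probes through the `parent` parameter, and `--random-agent` replaces the default `sqlmap/...` User-Agent with a browser-like one, so matching on the agent string is unreliable. The script below instead URL-decodes every query parameter in combined-format access-log lines, flags UNION, quote-plus-comment and fingerprinting payload shapes as well as a non-numeric `parent` value, and counts hits per client; the log lines are constructed and the plugin path is a placeholder.

```python
import re
from collections import Counter
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Apache/nginx "combined" log format: client, timestamp, request line, status, size, referer, UA.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<url>\S+) [^"]*" '
                    r'(?P<status>\d{3}) \S+ "(?P<ref>[^"]*)" "(?P<ua>[^"]*)"$')

# Payload shapes typical of UNION-based probing (sqlmap --technique=U), matched after URL decoding.
SQLI_PATTERNS = [
    ("union-select", re.compile(r"\bunion\b[\s/*]+(all[\s/*]+)?select\b", re.I)),
    ("quote-comment", re.compile(r"['\"]\s*(--|#|/\*)")),
    ("fingerprint-func", re.compile(r"\b(version|database|current_user|user)\s*\(\)", re.I)),
]

def inspect_request(url):
    """Return (param, decoded_value, label) for the first suspicious query parameter, else None."""
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)  # first decoding pass
    for name, value in params:
        decoded = unquote_plus(value)  # second pass so double-encoded payloads are seen too
        for label, pat in SQLI_PATTERNS:
            if pat.search(decoded):
                return name, decoded, label
    # "parent" is the parameter the write-up injects into; assumed to expect a numeric id.
    for name, value in params:
        if name == "parent" and not value.strip().isdigit():
            return name, value, "non-numeric parent"
    return None

def scan_log(text, burst_threshold=3):
    """Return (findings, noisy_clients): per-request hits and clients with >= burst_threshold hits."""
    findings, per_ip = [], Counter()
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        hit = inspect_request(m["url"])
        if hit:
            findings.append({"ip": m["ip"], "ts": m["ts"], "param": hit[0], "reason": hit[2]})
            per_ip[m["ip"]] += 1
    return findings, {ip: n for ip, n in per_ip.items() if n >= burst_threshold}

# Constructed sample traffic (not real logs): placeholder plugin path, "parent" payloads as in the write-up.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Jan/2024:10:00:01 +0000] "GET /plugins/editors/PLACEHOLDER/links.php?view=menu&parent=1 HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Jan/2024:10:00:02 +0000] "GET /plugins/editors/PLACEHOLDER/links.php?view=menu&parent=1%27%20UNION%20ALL%20SELECT%20NULL%2CNULL%2Cversion%28%29--%20- HTTP/1.1" 200 734 "-" "Mozilla/5.0 (X11; Linux x86_64)"
203.0.113.5 - - [10/Jan/2024:10:00:03 +0000] "GET /plugins/editors/PLACEHOLDER/links.php?view=menu&parent=1%27--%20- HTTP/1.1" 500 0 "-" "Mozilla/5.0 (Windows NT 10.0)"
203.0.113.5 - - [10/Jan/2024:10:00:04 +0000] "GET /plugins/editors/PLACEHOLDER/links.php?view=menu&parent=1%20AND%201%3D1 HTTP/1.1" 200 512 "-" "curl/8.0"
198.51.100.7 - - [10/Jan/2024:10:00:05 +0000] "GET /index.php?option=com_content&view=article&id=12 HTTP/1.1" 200 8192 "-" "Mozilla/5.0"
"""
```

Run `scan_log(SAMPLE_LOG)` to get the three flagged requests and the single client that crossed the burst threshold; the per-client count is what separates a sqmap-style sweep from a lone malformed request.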


You can watch this video about the bug:

Thanks ;0

Discussion (1)

Swindles McCoop

Thanks for sharing, this is pretty cool