Joomla CMS Real Estate 1.5 SQL Injection

Joomla CMS Real Estate extension version 1.5 suffers from a remote SQL injection vulnerability.


MD5 | 58842c6ee20e31d938ec0e9a8aded815

################################################
#Title: Joomla! CMS Real Estate 1.5 - SQL injection
#Credit: Bilal KARDADOU
#Vendor: http://www.cms-realestate.com
#URL:
https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/cms-real-estate/
#Product: 'Joomla! CMS Real Estate 1.5 - SQL injection'
#Developer: JoomlaUX
#Extension type: Plugin
#Last updated: Nov 08 2017
#Compatibility: 3.X
#Type: Paid download
#Google Dork: N/A
################################################
#
# Description:
# Real Estate Agency component for Joomla! 3.x versions.
#
#
# --Method=GET -p [filter_order]
#
# -u "
http://127.0.0.1/index.php?option=com_nbreal&view=properties&layout=global&filter_order=[SQLI]&filter_order_Dir=&bigsearch=A+quiet+family+home+with+private+garden+area+in+a+cul-de-sac+near+the+pool+-+Three-bedroom+Villa&n_bedrooms=5&n_bathrooms=8
"
#
# PoC:
# https://prnt.sc/hwdajq
#
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################

Related Posts