Joomla J-BusinessDirectory 4.7.3 SQL Injection

Joomla J-BusinessDirectory extension version 4.7.3 suffers from a remote SQL injection vulnerability.


MD5 | b5d9208713bd83444323e27c86b4fe02

################################################
#Title: Joomla J-BusinessDirectory 4.7.3 -SQL injection
#Credit: Bilal KARDADOU
#Vendor: http://www.cmsjunkie.com/j-business-directory
#URL:
https://extensions.joomla.org/extensions/extension/directory-a-documentation/directory/j-businessdirectory/
#Product: 'Joomla J-BusinessDirectory 4.7.3'
#Developer: CMSJunkie
#Extension type: Plugin
#Last updated: Dec 31 2017
#Compatibility: 3.X
#Type: Paid download
#Google Dork: inurl:"Google is your Friend"
################################################
#
# Description:
# J-BusinessDirectory is the most advanced directory extension for
Joomla!. It allows you to create now the
# professional directory you've always dreamed of. You can create and
efficiently manage any type of directory.
# With the abundance of features like no other extension, it will provide
you the right recipe for success.
# Compatible with Joomla!3.7.
#
#
# --Method=GET -p [term]
#
# -u "
http://127.0.0.1/j-businessdirectory/directory/j-konnect/index.php?option=com_jbusinessdirectory&task=categories.getCategories&type=1&term=he/'ll/o'[SQLI]
"
#
# PoC:
# https://prnt.sc/hvx6pn
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################

Related Posts