Joomla VehicleManager 3.9.15 SQL Injection Vulnerability

##########################################
#Title: Joomla VehicleManager 3.9.15 – SQL injection
#Credit: Bilal KARDADOU
#Vendor: http://ordasoft.com/
#URL:
https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/vehiclemanager-basic/
#Product: ‘Joomla VehicleManager 3.9.15’
#Developer: OrdaSoft
#Extension type: Plugin
#Last updated: Dec 06 2017
#Compatibility: 3.X
#Google Dork: N/A
################################################
#

#  Description:
#   Vehicle Manager Basic is free automotive Joomla component for
car/vehicle management and building car sale and rental websites.
#
# --Method=GET -p [vehicle_address]
#
#  -u "
http://127.0.0.1/joomla/index.php/vehiclemanager/search/search-by-map?vehicle_address=a[SQLI]&vehicle_search_range=1000&vehicle_search_latitude=48.3705449&vehicle_search_longitude=10.897789999999986&vehicle_cat=
"
#
# PoC:
#
################################################

Leave a Reply