SQL Injection in Joomla! com_estateagent

Joomla! continues to provide penetration testers with new vulnerabilities that allow hackers to take control of the system. This time a new exploit has been released for the com_estateagent component; it can be used to conduct SQL injection against a vulnerable web server.

A Google search turns up more than 2 million websites that use this component, which means they may be attacked using the published exploit. Hackers usually do not care who owns these websites; they simply attack each one to raise their score on zone-h or similar sites.

The vulnerable URL looks as follows:

http://Target.com/index.php?option=com_estateagent&Itemid=47&act=object&task=showEO&id=[sqli]

The vulnerability was tested on Windows- and Linux-based web servers, and you can find the PoC at this link.
