Joomla Event Booking 2.10.1 SQL Injection

2016-09-25T00:00:00
ID PACKETSTORM:138851
Type packetstorm
Reporter Mojtaba MobhaM
Modified 2016-09-25T00:00:00

Description

                                        
`######################  
# Exploit Title : Joomla Event Booking Component - SQL Injection  
# Exploit Author : Persian Hack Team  
# Homepage : http://persian-team.ir  
# Vendor Homepage : http://extensions.joomla.org/extension/event-booking  
# Category [ Webapps ]  
# Tested on [ Win ]  
# Version : 2.10.1  
# Date 2016/09/25  
######################  
#  
# PoC  
# => Sql Injection :  
# Date Parameter Vulnerable To SQL  
# Demo :  
# http://www.site.com/index.php?option=com_eventbooking&view=calendar&layout=weekly&date={SQL}&Itemid=354  
#  
# Video : http://persian-team.ir/showthread.php?tid=160&pid=291  
######################  
# Discovered by : Mojtaba MobhaM   
# B3li3v3 M3 I will n3v3r St0p  
# Greetz : T3NZOG4N & FireKernel & Dr.Askarzade & Masood Ostad & Dr.Koorangi & Milad Hacking & JOK3R $ Mr_Mask_Black And All Persian Hack Team Members  
######################  
  
  
`
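A detection sketch for the `date` parameter named in the advisory, added here as an example (it is not code from the advisory or from the Event Booking project): it flags access-log requests to the `com_eventbooking` calendar view whose `date` value is not a plain calendar date. Assumptions: legitimate values are ISO `YYYY-MM-DD`, the log is in combined format, the function names are hypothetical, and the sample log lines are constructed.

```python
import re
from datetime import datetime
from urllib.parse import urlsplit, parse_qs

# Assumption: the calendar view only ever needs an ISO date (YYYY-MM-DD).
DATE_RE = re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}")
# Request line of a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [25/Sep/2016:10:00:01 +0000] "GET /index.php?option=com_eventbooking&view=calendar&layout=weekly&date=2016-09-25&Itemid=354 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [25/Sep/2016:10:00:07 +0000] "GET /index.php?option=com_eventbooking&view=calendar&layout=weekly&date=2016-09-25%27&Itemid=354 HTTP/1.1" 500 312',
    '203.0.113.9 - - [25/Sep/2016:10:00:09 +0000] "GET /index.php?option=com_content&view=article&date=abc HTTP/1.1" 200 900',
]


def is_valid_date(value):
    """True only for a real calendar date written as YYYY-MM-DD."""
    if not DATE_RE.fullmatch(value):
        return False
    try:
        datetime.strptime(value, "%Y-%m-%d")
    except ValueError:
        return False
    return True


def suspicious_date_values(log_line):
    """Return the non-date `date` values sent to the com_eventbooking calendar view."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return []
    # parse_qs percent-decodes values, so encoded characters are checked too.
    query = parse_qs(urlsplit(match.group(1)).query, keep_blank_values=True)
    if "com_eventbooking" not in query.get("option", []) or "calendar" not in query.get("view", []):
        return []
    return [v for v in query.get("date", []) if not is_valid_date(v)]


def scan(lines):
    """Map 1-based line number -> offending values for every flagged line."""
    found = ((n, suspicious_date_values(line)) for n, line in enumerate(lines, 1))
    return {n: values for n, values in found if values}


if __name__ == "__main__":
    for number, values in scan(SAMPLE_LOG).items():
        print(f"line {number}: unexpected date value(s) {values!r}")
```

The same allow-list check (reject anything that is not a real `YYYY-MM-DD` date) is the input validation the component should apply before the value reaches a query, alongside parameter binding.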