Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdt**RoAd_KiLlEr**1337DAY-ID-13246
HistoryJul 08, 2010 - 12:00 a.m.

Joomla Component com_rentalot SQL Injection Vulnerability

2010-07-0800:00:00
**RoAd_KiLlEr**
0day.today
26
JSON

Exploit for php platform in category web applications

=========================================================
Joomla Component com_rentalot SQL Injection Vulnerability
=========================================================


1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
0     _                   __           __       __                     1
1   /' \            __  /'__`\        /\ \__  /'__`\                   0
0  /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___           1
1  \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\          0
0     \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/           1
1      \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\           0
0       \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/           1
1                  \ \____/ >> Exploit database separated by exploit   0
0                   \/___/          type (local, remote, DoS, etc.)    1
1                                                                      1
0  [+] Site            : Inj3ct0r.com                                  0
1  [+] Support e-mail  : submit[at]inj3ct0r.com                        1
0                                                                      0
1                ###########################################           1
0               I'm **RoAd_KiLlEr**  member from Inj3ct0r Team         1
1                ###########################################           0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[+]Title               Joomla   Component  (com_rentalot)  SQL-i Vulnerability
[+]Author          **RoAd_KiLlEr**
[+]Contact        RoAd_KiLlEr[at]Khg-Crew[dot]Ws
[+]Tested on     Win Xp Sp 2/3
---------------------------------------------------------------------------
[~] Founded by **RoAd_KiLlEr**
[~] Team: Albanian Hacking Crew
[~] Contact: RoAd_KiLlEr[at]Khg-Crew[dot]Ws 
[~] Home: http://inj3ct0r.com
[~] Download App:http://extensions.lesarbresdesign.info/en/downloads/category/1-rentalot?download=1%3Arentalot
[~] Version:  2.05
[~] Vendor: http://extensions.lesarbresdesign.info/en/rentalot
==========ExPl0iT3d by **RoAd_KiLlEr**==========

[+]Description:
Rentalot provides pricing and management functions for holiday property rental businesses. It is designed for smaller businesses that offer a highly personal service. For example, the system sends email reminders of various events to the business owner, but sending automated emails directly to clients would not be appropriate.

Despite Rentalot being designed for smaller businesses, and its slightly frivolous name, this is a serious and highly capable business application with many advanced features.

For the front end website, Rentalot provides an availability calendar with prices in multiple currencies and availability automatically reflected from the database.

For the back end administrative interface, Rentalot provides maintenance of prices and bookings, with several reports.

A notification script runs daily to send email reminders about arrivals, departures, and payments due, and to automatically update exchange rates.
=========================================

[+] Dork: inurl:"com_rentalot"

==========================================


[+].  SQL-i Vulnerability
=+=+=+=+=+=+=+=+=+

[Exploit]:  http://127.0.0.1/path/index.php?option=com_rentalot&Itemid= [SQL Injection] 



===========================================================================================
[!] Albanian Hacking Crew           
===========================================================================================
[!] **RoAd_KiLlEr**   
===========================================================================================
[!] MaiL: sukihack[at]gmail[dot]com
===========================================================================================
[!] Greetz To : Ton![w]indowS | X-n3t | b4cKd00r ~ | DarKHackeR. | The|DennY` | EaglE EyE | Lekosta | KHG | THE_1NV1S1BL3 & All Albanian/Kosova Hackers 
===========================================================================================
[!] Spec Th4nks:  r0073r  | indoushka from Dz-Ghost Team  | MaFFiTeRRoR | All  Inj3ct0r 31337 Members | And All My Friendz
===========================================================================================
[!] Red n'black i dress eagle on my chest
It's good to be an ALBANIAN
Keep my head up high for that flag I die
Im proud to be an ALBANIAN
===========================================================================================



#  0day.today [2018-01-26]  #
JSON