8b6bfd7f93
19 new exploits Cimetrics BACstac 6.2f - Privilege Escalation Cimetrics BACnet Explorer 4.0 - XML External Entity Injection SonicDICOM PACS 2.3.2 - Cross-Site Scripting SonicDICOM PACS 2.3.2 - Cross-Site Request Forgery (Add Admin) SonicDICOM PACS 2.3.2 - Privilege Escalation Kodi 17.1 - Arbitrary File Disclosure WhizBiz 1.9 - SQL Injection TI Online Examination System 2.0 - SQL Injection Viavi Real Estate - SQL Injection Viavi Movie Review - 'id' Parameter SQL Injection Viavi Product Review - 'id' Parameter SQL Injection Quadz School Management System 3.1 - 'uisd' Parameter SQL Injection Domains & Hostings Manager PRO 3.0 - 'entries' Parameter SQL Injection Joomla! Component onisPetitions 2.5 - 'tag' Parameter SQL Injection Joomla! Component onisQuotes 2.5 - 'tag' Parameter SQL Injection Joomla! Component onisMusic 2 - 'tag' Parameter SQL Injection Joomla! Component Sponsor Wall 7.0 - 'wallid' Parameter SQL Injection Joomla! Component Vik Booking 1.7 - SQL Injection Joomla! Component Soccer Bet 4.1.5 - 'cat' Parameter SQL Injection
17 lines
676 B
Text
Executable file
17 lines
676 B
Text
Executable file
# Exploit Title: Joomla Component Vik Booking 1.7 - SQL Injection
|
|
# Date: 2017-02-11
|
|
# Home : https://extensions.joomla.org/extension/vik-booking/
|
|
# Exploit Author: Persian Hack Team
|
|
# Discovered by : Mojtaba MobhaM (kazemimojtaba@live.com)
|
|
# Home : http://persian-team.ir/
|
|
# Telegram Channel AND Demo: @PersianHackTeam
|
|
# Google Dork : inurl:index.php?option=com_vikbooking
|
|
# Tested on: Linux
|
|
|
|
# POC :
|
|
# room_ids[0] Parameter Vulnerable to SQL Injection
|
|
# http://www.Target.com/index.php?option=com_vikbooking&view=availability&room_ids[0]=[SQL]
|
|
|
|
# Greetz : T3NZOG4N & FireKernel & Milad Hacking And All Persian Hack Team Members
|
|
# Iranian white hat Hackers
|
|
|