Joomla JHotelReservation 6.0.5 SQL Injection Vulnerability

################################################
#Title: Joomla JHotelReservation 6.0.5 - SQL injection
#Credit: Bilal KARDADOU
#Vendor: http://www.cmsjunkie.com/joomla_hotel_reservation
#URL:
https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/jhotelreservation/
#Product: 'Joomla JHotelReservation 6.0.5'
#Developer: CMSJunkie
#Extension type: Plugin
#Last updated: Jan 01 2018
#Compatibility: 3.X
#Type: Paid download
#Google Dork: inurl:"Google is your Friend"
################################################
#
#  Description:
#   Easy to use, professional hotel reservation software, Joomla Hotel
Reservation is offering management and
# reservation solutions for all types of hotels, motels, B&Bs, resorts,
apartments, campsites, etc. Benefit the ideal
#   alternative to manually tracking reservations, following up with your
customers and payments. No longer is
# there a need to keep mounds of paper, lose customer details or lose track
of payments.
#
#
# --Method=GET -p [term]
#
#  -u "
http://127.0.0.1/j-myhotel/component/jhotelreservation/?task=hotels.getSuggestionsList&term=a[SQLI]
"
#
# PoC:
#  https://prnt.sc/hvx0y7
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################

 

Leave a Reply