Joomla JB Tour Booking 2.2.2 SQL Injection

2017.12.22
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################ #Title: Joomla JB Tour Booking 2.2.2 SQL Injection #Credit: Bilal KARDADOU #Vendor: https://joombooking.com #URL: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/jb-tour/ #Product: 'Joomla JB Tour Booking component version 2.2.2' #Developer: Joombooking #Last updated: May 16 2017 #Date added: Nov 19 2014 #License: GPLv2 or later #Type: Paid download #Price: $99 #Google Dork: N/A ################################################ # # Product & Service Introduction: # # JB tour booking component is designed for travel agency. Its strengths come from its ease of use, yet comprehensive features to provide a complete solution for Package, Day trip, Excursions and Charter operators of all sizes. It support the private tour or joined group tour, fixed departure date, room type pricing model # # GET -p [tour_id] # http://127.0.0.1/[PATH]/index.php?option=com_bookpro&controller=tour&task=getpackagerate&tmpl=component&date=2017-12-23&tour_id=[SQL] # # GET -p [packagetype_id] # http://127.0.0.1/[PATH]/component/bookpro/?roomtype[]=2_0_0_10&roomtype[]=1_0_0_13&addons[30]=1&tour_id_coupon=113&date=2017-12-23&quantity=&id=113&view=roombook&option=com_bookpro&packagetype_id=[SQL] # # # POST -p [roomtype[]] # http://127.0.0.1/[PATH]/component/bookpro/?roomtype[]=2_0_0_10[SQL]&roomtype[]=1_0_0_13[SQL]&addons[30]=1&tour_id_coupon=113&date=2017-12-23&quantity=&id=113&view=roombook&option=com_bookpro&packagetype_id=69 # # # PoC: # https://prnt.sc/hqxg4n # https://prnt.sc/hqxom3 # https://prnt.sc/hqxouk # # # */'[Additional information!!!] # Exploitation can be a little bit tricky. # # Bilal KARDADOU - https://www.linkedin.com/in/kardadou/) ################################################ -- [image: 2017-04-04_21-41-59.png] Bilal Kardadou IT Security Consultant & Bug Bounty Hunter [image: linkedin.png] <https://www.linkedin.com/in/kardadou/>[image: pinterest.png] <https://packetstormsecurity.com/files/author/12802/>[image: facebook.png] <https://www.facebook.com/o9n75oo9754hmoobboomwooow986yh> 00212675-092778 The more control you impose the less control you have.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top