Joomla JB Bus 2.3.0 SQL Injection

2017.12.22
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

################################################ #Title: Joomla JB Bus 2.3.0 SQL Injection #Credit: Bilal KARDADOU #Vendor: https://joombooking.com #URL: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/jbtransport/ #Product: 'Joomla JB Bus component version 2.3.0' #Developer: Joombooking #Last updated: Apr 19 2017 #Date added: Nov 19 2014 #License: GPLv2 or later #Type: Paid download #Price: $99 #Google Dork: N/A ################################################ # # Product & Service Introduction: # # JB Bus is a joomla component which provides the functions for create online bus booking website. # # GET -p [id] # http://127.0.0.1/[PATH]/index.php?option=com_bookpro&view=routemap&tmpl=component&id=[SQL] # # POST -p [bustrip_id] # http://127.0.0.1/[PATH]/hdsha/391-393/da-nang-city-hanoi?view=busconfirm # Data: bustrip_id=[SQL]&listseat_199=7%2C8%2C9&seat=7%2C8%2C9&return_seat=&Itemid=113 # # POST -p [filter_from] & [filter_to] # http://127.0.0.1/[PATH]/hdsha?view=bustrips # Data: filter_roundtrip=0&filter_from=[SQL]&filter_to=[SQL]&filter_start=12-22-2017&filter_end=&filter_adult%5B1%5D=2&filter_adult%5B3%5D=1&btnSubmit=Find+trip&Itemid=113&45f2fd16eadb10e847739d13182a2ec2=1 # # PoC: # https://prnt.sc/hqj6d2 # https://prnt.sc/hqj6oz # # Bilal KARDADOU - https://www.linkedin.com/in/kardadou/) ################################################ -- [image: 2017-04-04_21-41-59.png] Bilal Kardadou IT Security Consultant & Bug Bounty Hunter [image: linkedin.png] <https://www.linkedin.com/in/kardadou/>[image: pinterest.png] <https://packetstormsecurity.com/files/author/12802/>[image: facebook.png] <https://www.facebook.com/o9n75oo9754hmoobboomwooow986yh> 00212675-092778 The more control you impose the less control you have.


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top