Joomla JB Tour Booking extension 2.2.2 suffers from a remote SQL injection vulnerability.
2ba4114e2429bf92db11ac3c63ee15a0################################################
#Title: Joomla JB Tour Booking 2.2.2 SQL Injection
#Credit: Bilal KARDADOU
#Vendor: https://joombooking.com
#URL:
https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/jb-tour/
#Product: 'Joomla JB Tour Booking component version 2.2.2'
#Developer: Joombooking
#Last updated: May 16 2017
#Date added: Nov 19 2014
#License: GPLv2 or later
#Type: Paid download
#Price: $99
#Google Dork: N/A
################################################
#
# Product & Service Introduction:
#
# JB tour booking component is designed for travel agency. Its strengths
come from its ease of use, yet comprehensive features to provide a complete
solution for Package, Day trip, Excursions and Charter operators of all
sizes. It support the private tour or joined group tour, fixed departure
date, room type pricing model
#
# GET -p [tour_id]
#
http://127.0.0.1/[PATH]/index.php?option=com_bookpro&controller=tour&task=getpackagerate&tmpl=component&date=2017-12-23&tour_id=[SQL]
#
# GET -p [packagetype_id]
#
http://127.0.0.1/[PATH]/component/bookpro/?roomtype[]=2_0_0_10&roomtype[]=1_0_0_13&addons[30]=1&tour_id_coupon=113&date=2017-12-23&quantity=&id=113&view=roombook&option=com_bookpro&packagetype_id=[SQL]
#
#
# POST -p [roomtype[]]
#
http://127.0.0.1/[PATH]/component/bookpro/?roomtype[]=2_0_0_10[SQL]&roomtype[]=1_0_0_13[SQL]&addons[30]=1&tour_id_coupon=113&date=2017-12-23&quantity=&id=113&view=roombook&option=com_bookpro&packagetype_id=69
#
#
# PoC:
# https://prnt.sc/hqxg4n
# https://prnt.sc/hqxom3
# https://prnt.sc/hqxouk
#
#
# */'[Additional information!!!]
# Exploitation can be a little bit tricky.
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################
--
[image: 2017-04-04_21-41-59.png]
Bilal Kardadou
IT Security Consultant & Bug Bounty Hunter
[image: linkedin.png] <https://www.linkedin.com/in/kardadou/>[image:
pinterest.png] <https://packetstormsecurity.com/files/author/12802/>[image:
facebook.png] <https://www.facebook.com/o9n75oo9754hmoobboomwooow986yh>
00212675-092778
The more control you impose the less control you have.