Joomla JHotelReservation extension version 6.0.5 suffers from a remote SQL injection vulnerability.
8c701872957dae6ddcb0a2715e8182a5
################################################
#Title: Joomla JHotelReservation 6.0.5 - SQL injection
#Credit: Bilal KARDADOU
#Vendor: http://www.cmsjunkie.com/joomla_hotel_reservation
#URL:
https://extensions.joomla.org/extensions/extension/vertical-markets/booking-a-reservations/jhotelreservation/
#Product: 'Joomla JHotelReservation 6.0.5'
#Developer: CMSJunkie
#Extension type: Plugin
#Last updated: Jan 01 2018
#Compatibility: 3.X
#Type: Paid download
#Google Dork: inurl:"Google is your Friend"
################################################
#
# Description:
# Easy to use, professional hotel reservation software, Joomla Hotel
Reservation is offering management and
# reservation solutions for all types of hotels, motels, B&Bs, resorts,
apartments, campsites, etc. Benefit the ideal
# alternative to manually tracking reservations, following up with your
customers and payments. No longer is
# there a need to keep mounds of paper, lose customer details or lose track
of payments.
#
#
# --Method=GET -p [term]
#
# -u "
http://127.0.0.1/j-myhotel/component/jhotelreservation/?task=hotels.getSuggestionsList&term=a[SQLI]
"
#
# PoC:
# https://prnt.sc/hvx0y7
#
# Bilal KARDADOU - https://www.linkedin.com/in/kardadou/)
################################################