ad

Joomla JE Ajax Event Calendar SQL Injection Vulnerability



EDB-ID: 13997 CVE: 2010-2513 OSVDB-ID: 65828
Author: L0rd CrusAd3r Published: 2010-06-23 Verified: Not Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
Exploit Title:Joomla JE Ajax event calendar SQL Vulnerable 
Version:1.0.5
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Published: 2010-06-23
Greetz to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat.
Special Greetz: Topsecure.net, inj3ct0r Team
Shoutzz:- To all ICW members.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:

100% MVC structure follow. There are three different managers in that
component:-

1. Category Management
2. Event Management
3. Event Setting

1. Category Management: - Admin can add, edit, delete, published and unpublished the category title and description.

2. Event Management: - Admin can add, edit, delete, published and unpublished the event. Event title, category, start date, end date, description, background color and text color add, edit and delete, published, unpublished from the event management.
Admin has rights that all users or selected user or none can see the event from front end.
Admin can add event to selected category.

3. Setting: - Admin can enable or disable all the events which user can add the event or not.
Admin can set the header1, header2, header3, header4 color using color picker.

Features:-

- Add event to particular category
- Set the calendar color using color picker.
- Admin has rights to add event from site side.
- Admin has rights that all users see the event or selected user can see the events.
- Front end side user can see the event description in light box by click on that event.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*SQL Vulnerability

DEMO URL :

http://server/component/jeeventcalendar/?view=[Sqli]

# 0day n0 m0re #
# L0rd CrusAd3r #