Vendor: Dateconverter
By: RoAd_KiLlEr
CVSS: 7.5 (HIGH)
Vulnerability Type: SQL Injection
CWE: 89
Product Name: Dateconverter
Affected Version From: 0.1-beta
Affected Version To: 0.1-beta
Patch Exists: NO
Related CWE: N/A
CPE: a:dateconverter:dateconverter:0.1-beta
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Win Xp Sp 2/3
2009

Joomla Component com_dateconverter SQL Injection Vulnerability

Joomla AD/BS Date Converter is a Joomla component that converts dates between the Gregorian calendar and the Bikram Sambat (BS) calendar. The BS calendar is used in Nepal, India, Bhutan, Sri Lanka, Thailand, etc. The component is vulnerable to SQL injection: an attacker can append SQL to the vulnerable URL parameter (Itemid in the raw advisory below), and the injected query can be used to extract sensitive information from the database.

Mitigation:

Validate input before it is used in a query, and use parameterized queries so that user-supplied values are never interpreted as SQL.
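
Since no patch exists, the input-validation advice can also be applied outside the component by reviewing web server logs for com_dateconverter requests whose Itemid is not a plain integer. The following is an added example, not part of the original advisory or the component's code; it assumes an Apache/Nginx combined log format and that Itemid is a numeric Joomla menu item ID, and the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed format).
# Only the URL query string is visible here; POST bodies are not logged.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
COMPONENT = "com_dateconverter"


def itemid_is_valid(value):
    """Itemid is a Joomla menu item ID: accept 1-10 ASCII digits, nothing else."""
    return re.fullmatch(r"[0-9]{1,10}", value) is not None


def check_request(target):
    """Return None if the request is fine or irrelevant, else a reason string."""
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if COMPONENT not in query.get("option", []):
        return None  # not a request to this component
    values = query.get("Itemid", [])
    if len(values) > 1:
        return "Itemid supplied more than once"
    for value in values:  # parse_qs has already URL-decoded the value
        if not itemid_is_valid(value):
            return "non-numeric Itemid: %r" % value
    return None


def scan(log_lines):
    """Yield (line_number, reason) for every suspicious log line."""
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            reason = check_request(match.group(1))
            if reason:
                yield number, reason


# Constructed sample log lines (not taken from a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /index.php?option=com_dateconverter&Itemid=42 HTTP/1.1" 200 5120',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?option=com_dateconverter&Itemid=42%27 HTTP/1.1" 500 310',
    '192.0.2.12 - - [01/Jan/2024:10:00:09 +0000] "GET /index.php?option=com_content&Itemid=abc HTTP/1.1" 200 2048',
    '192.0.2.13 - - [01/Jan/2024:10:00:12 +0000] "GET /index.php?Itemid=7&Itemid=8&option=com_dateconverter HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, reason in scan(SAMPLE_LOG):
        print("line %d: %s" % (number, reason))
```

The same integer-only check can be enforced as a web application firewall or reverse-proxy rule in front of the site until the component is removed or fixed.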

Exploit-DB raw data:

-----------------------------------------------------------------------------------------
 Joomla  Component  com_dateconverter  SQL Injection Vulnerability
-----------------------------------------------------------------------------------------
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1
1                ###########################################           1
0                I'm **RoAd_KiLlEr**  member from Inj3ct0r Team        1
1                ###########################################           0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1

[+]Title              Joomla  Component  com_dateconverter  SQL Injection Vulnerability
[+]Author          **RoAd_KiLlEr**
[+]Contact        RoAd_KiLlEr[at]Khg-Crew[dot]Ws
[+]Tested on     Win Xp Sp 2/3
---------------------------------------------------------------------------
[~] Founded by **RoAd_KiLlEr**
[~] Team: Albanian Hacking Crew
[~] Contact: RoAd_KiLlEr[at]Khg-Crew[dot]Ws 
[~] Home: http://a-h-crew.net    
[~] Vendor: http://sourceforge.net/projects/date-converter/
[~] Download App:http://sourceforge.net/projects/date-converter/files/com_dateconverter-0.1-beta.zip/download
==========ExPl0iT3d by **RoAd_KiLlEr**==========

[+]Description:
Joomla AD/BS Date Converter is a Joomla Component used to convert date between Gregorian Calendar and Bikram Sambat Calendar. BS Calendar is used in Nepal, India, Bhutan, Sri Lanka, Thailand etc.
=========================================

[+] Dork: inurl:"com_dateconverter"

==========================================


[+].  SQL-i Vulnerability
=+=+=+=+=+=+=+=+=+

[Exploit]:  http://127.0.0.1/path/index.php?option=com_dateconverter&Itemid=[] <== SQL-i

===========================================================================================
[!] Albanian Hacking Crew           
===========================================================================================
[!] **RoAd_KiLlEr**   
===========================================================================================
[!] MaiL: sukihack[at]gmail[dot]com
===========================================================================================
[!] Greetz To : Ton![w]indowS | X-n3t | b4cKd00r ~ | DarKHackeR. | The|DennY` | EaglE EyE | Lekosta | KHG | THE_1NV1S1BL3 & All Albanian/Kosova Hackers 
===========================================================================================
[!] Spec Th4nks: Inj3ct0r.com & r0073r  | indoushka from Dz-Ghost Team  | MaFFiTeRRoR | Sid3^effects | The_Exploited | And All My Friendz
===========================================================================================
[!] Red n'black i dress eagle on my chest
It's good to be an ALBANIAN
Keep my head up high for that flag I die
Im proud to be an ALBANIAN
===========================================================================================