Vendor: com_extcalendar
By: Lagripe-Dz
CVSS: 7,5 HIGH
Blind SQL Injection
CWE: 89
Product Name: com_extcalendar
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP2
2010

Joomla Component com_extcalendar Blind SQL Injection Vulnerability

A Blind SQL Injection vulnerability exists in the Joomla Component com_extcalendar. An attacker can exploit it by sending malicious SQL through the vulnerable extid parameter of the cal_popup.php file, which can give the attacker access to sensitive information from the database.

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries. Additionally, developers should use parameterized queries to prevent SQL injection attacks.
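Since no patch exists, defenders can also look for probing of this parameter in web server logs. The following detection sketch is an added example, not part of the original advisory: it flags requests to cal_popup.php whose extid is not a plain integer. The log format (Apache combined), the sample lines and the assumption that a legitimate extid is a short decimal ID are all assumptions made for the example.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Path of the vulnerable file as given in the advisory.
TARGET = "/components/com_extcalendar/cal_popup.php"
# Assumption: a legitimate extid is a short decimal event ID.
VALID_EXTID = re.compile(r"\d{1,10}")
# Combined-log-format prefix: client IP ... "METHOD URL PROTOCOL"
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) (\S+) [^"]*"')

# Constructed sample access-log lines, not real traffic.
SAMPLE_LOG = """\
203.0.113.5 - - [20/Aug/2010:10:01:02 +0000] "GET /components/com_extcalendar/cal_popup.php?extmode=view&extid=12 HTTP/1.1" 200 5120
203.0.113.9 - - [20/Aug/2010:10:01:07 +0000] "GET /components/com_extcalendar/cal_popup.php?extmode=view&extid=12%27 HTTP/1.1" 200 311
198.51.100.7 - - [20/Aug/2010:10:02:11 +0000] "GET /components/com_extcalendar/cal_popup.php?extid=3&extid=4 HTTP/1.1" 200 5120
198.51.100.20 - - [20/Aug/2010:10:02:30 +0000] "GET /index.php?option=com_content&id=abc HTTP/1.1" 200 9000
192.0.2.44 - - [20/Aug/2010:10:03:00 +0000] "GET /joomla/components/com_extcalendar/cal_popup.php?extmode=view&extid= HTTP/1.1" 200 298
"""


def suspicious_requests(log_text):
    """Return (client_ip, extid_values) for cal_popup.php hits with a non-integer extid."""
    hits = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # not a request line in the expected format
        client, url = m.groups()
        parts = urlsplit(url)
        # Match the component path regardless of the site's install prefix.
        if not parts.path.lower().endswith(TARGET):
            continue
        # parse_qs percent-decodes values; keep blanks so "extid=" is seen.
        values = parse_qs(parts.query, keep_blank_values=True).get("extid", [])
        # Flag repeated parameters and anything that is not a plain integer.
        if len(values) > 1 or any(not VALID_EXTID.fullmatch(v) for v in values):
            hits.append((client, values))
    return hits


if __name__ == "__main__":
    for client, values in suspicious_requests(SAMPLE_LOG):
        print(client, values)
```

The same integer-only rule is what the component itself should enforce on extid before the value reaches a parameterized query.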

Exploit-DB raw data:

0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
   Joomla Component com_extcalendar Blind SQL Injection Vulnerability
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
# Date: 20/08/2010                                                       0
# Author : Lagripe-Dz                                                   1
# contact : Lagripe-Dz@hotmail.com                                       8
# Home : Algeria                                                       1
# Category: webapps/0day                                               0
# Tested on: [ win xp sp2 ]                                               8
# Dork  allinurl:"com_extcalendar"                                       1
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0

[+] Vulnerable File :
http://www.site.com/[PATH]/components/com_extcalendar/cal_popup.php?extmode=view&extid=[BLIND_SQL]

0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
                 Greetz 2 Allah and Ramadan Karim
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0