List: oss-security
Subject: [oss-security] Joomla com_blog_calendar SQL Injection Vulnerability
From: "Steevee a.k.a Stefanus" <steevee.aka () gmail ! com>
Date: 2016-12-26 9:08:45
Message-ID: CADr4Fi-gyCkOT_gv_ZoivJ7JWhMRLm=+2g8BSpP9LKNEJ5f=AQ () mail ! gmail ! com
==========================================================================================
Joomla com_blog_calendar SQL Injection Vulnerability
==========================================================================================
:-------------------------------------------------------------------------------------------------------------------------:
: # Exploit Title : Joomla com_blog_calendar SQL Injection Vulnerability
: # Date : 26th December 2016
: # Author : X-Cisadane
: # CMS Name : Joomla
: # CMS Developer : http://joomlacode.org/gf/project/blog_calendar/
: # Category : Web Application
: # Vulnerability : SQL Injection
: # Tested On : SQLMap 1.0.12.9#dev
: # Greetz to : X-Code YogyaFree, ExploreCrew, CodeNesia, Bogor Hackers Community, Borneo Crew, Depok Cyber, Mantan
:-------------------------------------------------------------------------------------------------------------------------:
A SQL injection vulnerability has been discovered in the Joomla module called com_blog_calendar.
The vulnerability is located in the modid parameter of
index.php?option=com_blog_calendar&modid=xxx.
Attackers are able to execute their own SQL commands by sending a GET request with a
manipulated modid value, and can thereby read database information.
DORKS (How to find the target) :
================================
inurl:/index.php?option=com_blog_calendar
Or use your own Google Dorks :)
Proof of Concept
================
SQL Injection
PoC :
http://[Site]/[Path]/index.php?option=com_blog_calendar&modid=['SQLi]
Screenshot (PoC) : http://i64.tinypic.com/2rqhhk4.png
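As a defender-side illustration added here (it is not part of the advisory or of the com_blog_calendar code), the following Python scans web server access-log lines for com_blog_calendar requests whose modid is anything other than a plain decimal integer, which is the only shape a module id should take. The log format assumed is the common Apache "combined" format, and the sample lines are constructed, not real traffic.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Apache "combined" access-log line; only the request target and status are needed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# A module id is a plain decimal integer; anything else in modid is suspicious.
MODID_OK = re.compile(r'^[0-9]+$')


def check_request(target):
    """Return None if the request is not a com_blog_calendar call or every modid
    value is a plain integer; otherwise return the first suspicious modid."""
    qs = parse_qs(urlsplit(target).query, keep_blank_values=True)
    if qs.get('option') != ['com_blog_calendar']:
        return None
    for value in qs.get('modid', []):
        # parse_qs decodes once; decode again so double-encoded quotes are visible
        decoded = unquote(value)
        if not MODID_OK.match(decoded):
            return decoded
    return None


def scan_log(lines):
    """Return (client_ip, timestamp, status, suspicious_modid) for each flagged line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable combined-format line
        bad = check_request(m.group('target'))
        if bad is not None:
            hits.append((m.group('ip'), m.group('ts'), m.group('status'), bad))
    return hits


# Constructed sample lines: a benign call, a quote probe like the advisory's PoC,
# a double-URL-encoded variant, and an unrelated request that must not be flagged.
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Dec/2016:09:08:45 +0000] "GET /index.php?option=com_blog_calendar&modid=12 HTTP/1.1" 200 4321',
    '203.0.113.9 - - [26/Dec/2016:09:09:01 +0000] "GET /index.php?option=com_blog_calendar&modid=12%27 HTTP/1.1" 500 512',
    '203.0.113.9 - - [26/Dec/2016:09:09:07 +0000] "GET /index.php?option=com_blog_calendar&modid=12%2520AND%25201%3D1 HTTP/1.1" 200 4321',
    '203.0.113.5 - - [26/Dec/2016:09:10:00 +0000] "GET /index.php?option=com_content&id=7 HTTP/1.1" 200 9000',
]

if __name__ == '__main__':
    for ip, ts, status, modid in scan_log(SAMPLE_LOG):
        print(f'{ts} {ip} status={status} suspicious modid={modid!r}')
```

A request with no modid at all is not flagged, so pair this with the component's own error logging if the fix you deploy rejects missing ids.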
Example of Vuln Sites :
-= Regards =-
Steevee A.K.A