The Joomla Extcalendar component suffers from a remote blind SQL injection vulnerability.
18c6b56bbc0d365f7309942fc4fe812e15e8c28ecc28c5f1a043e60918e92802
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
Joomla Component com_extcalendar Blind SQL Injection Vulnerability
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
# Date: 20/08/2010 0
# Author : Lagripe-Dz 1
# contact : Lagripe-Dz@hotmail.com 8
# Home : Algeria 1
# Category: webapps/0day 0
# Tested on: [ win xp sp2 ] 8
# Dork allinurl:"com_extcalendar" 1
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
[+] Vulnerable File :
http://www.site.com/[PATH]/components/com_extcalendar/cal_popup.php?extmode=view&extid=[BLIND_SQL]
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
Greetz 2 Allah and Ramadan Karim
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0