Joomla Component com_extcalendar Blind SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Joomla Component com_extcalendar Blind SQL Injection Vulnerability
# Published : 2010-08-20
# Author : Lagripe-Dz
# Previous Title : VBbuletin 4.0.4 Multiple Vulnerabilities
# Next Title : Joomla Component (com_Fabrik) SQL Injection Vulnerability

0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
   Joomla Component com_extcalendar Blind SQL Injection Vulnerability
1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
# Date: 20/08/2010                                                       0
# Author : Lagripe-Dz                                                   1
# contact : Lagripe-Dz@hotmail.com                                       8
# Home : Algeria                                                       1
# Category: webapps/0day                                               0
# Tested on: [ win xp sp2 ]                                               8
# Dork  allinurl:"com_extcalendar"                                       1
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0

[+] Vulnerable File :
http://www.site.com/[PATH]/components/com_extcalendar/cal_popup.php?extmode=view&extid=[BLIND_SQL]

0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
                 Greetz 2 Allah and Ramadan Karim
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0