SQL Injection Vulnerability in ExtCalendar 2

2011-05-05T00:00:00
ID HTB22986
Type htbridge
Reporter High-Tech Bridge
Modified 2011-05-05T00:00:00

Description

High-Tech Bridge SA Security Research Lab has discovered a vulnerability in ExtCalendar 2 which could be exploited to perform SQL injection attacks.

1) SQL injection vulnerability in ExtCalendar 2
The vulnerability exists due to input sanitization errors in the "search" parameter in cal_search.php. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary SQL commands in the application's database. Successful exploitation may allow an attacker to read, modify, add or delete arbitrary data in the database.
Exploitation example:
<form action="http://[host]/cal_search.php" method="post" enctype="multipart/form-data">
<input type="hidden" name="search" value="') union select 1,version(),3,4,5,6,7,8,9,10 -- ">
<input type="submit" value="OK">
</form>
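The following added example (not ExtCalendar code or High-Tech Bridge's own material) shows, on an in-memory SQLite stand-in, why the advisory's "search" payload works when the term is concatenated into the query text, and how binding it as a parameter neutralizes it. The events table, its rows and the assumed shape of the search query are hypothetical; MySQL's version() is replaced by SQLite's sqlite_version() so the script runs offline.

```python
import sqlite3

# Constructed stand-in for a calendar events table (hypothetical schema, not
# ExtCalendar's). Ten columns, so the advisory's ten-column UNION lines up.
SCHEMA = """
CREATE TABLE events (
    id INTEGER, title TEXT, description TEXT, start_date TEXT, end_date TEXT,
    location TEXT, owner TEXT, category TEXT, is_public INTEGER, created TEXT
);
"""
ROWS = [
    (1, "Team meeting", "Weekly sync", "2011-05-05", "2011-05-05",
     "Room A", "alice", "work", 1, "2011-05-01"),
    (2, "Dentist", "Checkup", "2011-05-06", "2011-05-06",
     "Clinic", "bob", "private", 0, "2011-05-02"),
]

# The advisory's payload, with version() swapped for SQLite's equivalent.
PAYLOAD = "') union select 1,sqlite_version(),3,4,5,6,7,8,9,10 -- "


def make_db():
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    con.executemany("INSERT INTO events VALUES (?,?,?,?,?,?,?,?,?,?)", ROWS)
    return con


def search_vulnerable(con, search):
    # Flaw class from the advisory: the user-supplied term is spliced into the
    # SQL text, so a closing quote and parenthesis in the input end the LIKE
    # clause and the rest of the input is parsed as SQL. The assumed query
    # shape matches the leading "')" of the payload.
    sql = "SELECT * FROM events WHERE (title LIKE '%" + search + "%')"
    return con.execute(sql).fetchall()


def search_fixed(con, search):
    # Hardened form: the term is bound as a parameter, so the database only
    # ever compares it as data and never parses it as part of the statement.
    sql = "SELECT * FROM events WHERE (title LIKE ?)"
    return con.execute(sql, ("%" + search + "%",)).fetchall()


def run_demo():
    # Returns (rows from the vulnerable query, rows from the fixed query)
    # for the same payload, so the two behaviours can be compared directly.
    con = make_db()
    return search_vulnerable(con, PAYLOAD), search_fixed(con, PAYLOAD)
```

The vulnerable query returns both real events plus a UNION row carrying the database version string; the parameterized query returns nothing, because no title contains the literal payload text.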