EV0062.txt

2006-02-17T00:00:00
ID PACKETSTORM:43943
Type packetstorm
Reporter Aliaksandr Hartsuyeu
Modified 2006-02-17T00:00:00

Description

                                        
                                            `New eVuln Advisory:  
2200net Calendar system SQL Injection and Authentication Bypass Vulnerabilities  
http://evuln.com/vulns/62/summary.html  
  
--------------------Summary----------------  
eVuln ID: EV0062  
CVE: CVE-2006-0610  
Software: 2200net Calendar system  
Sowtware's Web Site: http://calendar.2200net.com/  
Versions: 1.2  
Critical Level: Moderate  
Type: SQL Injection  
Class: Remote  
Status: Unpatched. No reply from developer(s)  
Exploit: Available  
Solution: Not Available  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
-----------------Description---------------  
1. SQL Injection.  
  
Vulnerable script: program/calendar/calendar.php  
  
Variable fm_data[id] isn't properly sanitized. This can be used to make any SQL query by injecting arbitrary SQL code.  
  
Condition: magic_quotes_gpc - off  
  
  
2. Authentication Bypass.  
  
Vulnerable script: class/classlogin/adminlogin.php  
  
Variable $ad['acc'] isn't properly sanitized. This can be used to make any SQL query by injecting arbitrary SQL code.  
  
Condition: magic_quotes_gpc - off  
  
  
--------------Exploit----------------------  
Available at: http://evuln.com/vulns/62/exploit.html  
  
--------------Solution---------------------  
No Patch available.  
  
--------------Credit-----------------------  
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)  
  
  
Regards,  
Aliaksandr Hartsuyeu  
http://evuln.com  
`