Calendarix SQL Injection

2010-07-18T00:00:00
ID PACKETSTORM:91952
Type packetstorm
Reporter SixP4ck3r
Modified 2010-07-18T00:00:00

Description

                                        
                                            `===============================================================================  
Calendarix (cal_cat.php) SQL Injection Vulnerability  
===============================================================================  
  
Author : SixP4ck3r  
Email & msn : SixP4ck3r@Bolivia.com  
Date : 17 July 2010  
Critical Lvl : High  
Impact : Exposure of sensitive information  
Where : From Remote  
web : http://foro.nbsecurity.net/  
Credits : Diablada and Caporal are Bolivian  
Dork : inurl:cal_cat.php?op=  
---------------------------------------------------------------------------  
[Affected software info]  
Calendarix is a web-based event manager written in PHP; it requires  
MySQL as its database.  
[Download]  
http://www.calendarix.com/  
[Affected versions]  
All + 0 day  
---------------------------------------------------------------------------  
[Bug]  
  
// $limit and $limitrow come straight from the request (see the demo URL  
// below). The comparison only resets an oversized number; it does not  
// reject a non-numeric string.  
if ($limit>$totalrows) $limit = 0 ;  
$query .= " LIMIT ".$limit.",".$limitrow ;   // request values concatenated into the SQL text  
  
$query = "select ".$qstr.$query ;  
// echo "<h4>".$query."</h4>";  
$result = mysql_query($query);   // legacy mysql_* API: no parameter binding, removed in PHP 7  
$rowname = mysql_fetch_object($result);  
$rows = mysql_num_rows($result);  
---------------------------------------------------------------------------  
[Exploiting..demo]  
  
http://example/[path]/calendar/cal_cat.php?op=cat&id=1&year=2010&sort=&catmonth=6&catview=0&limit=[SQL]  
---------------------------------------------------------------------------  
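As an added example (not Calendarix's own code and not part of the advisory), the following is one way to harden the paging query shown in the [Bug] section: the offset and page size are validated as integers and bound through a mysqli prepared statement instead of being concatenated into the LIMIT clause. The function names, the $db connection object and the treatment of limitrow as a request parameter are assumptions; only limit appears in the demo URL above, and $qstr / $query keep the roles they have in the original snippet.

```php
<?php
// Added example, not Calendarix's own code: hardened rewrite of the paging
// query from the [Bug] snippet. Assumptions: $db is an open mysqli
// connection, $qstr is the column list and $fromWhere the FROM/WHERE part
// that the original keeps in $query before appending LIMIT; the request
// parameter names limit (from the demo URL) and limitrow (assumed).

/**
 * Validate paging parameters and return [$offset, $count] as integers.
 * Anything that is not a plain integer string is replaced by a safe
 * default, so no request value ever reaches the SQL text.
 */
function pagingParams(array $request, int $totalrows, int $defaultRows = 20): array
{
    // FILTER_VALIDATE_INT returns false for non-integer strings and arrays.
    $limit    = filter_var($request['limit'] ?? 0, FILTER_VALIDATE_INT);
    $limitrow = filter_var($request['limitrow'] ?? $defaultRows, FILTER_VALIDATE_INT);

    // Same reset rule as the original (offset past the table restarts at 0),
    // now also applied to rejected or negative values.
    if ($limit === false || $limit < 0 || $limit > $totalrows) {
        $limit = 0;
    }
    // Clamp the page size so a caller cannot pull the whole table at once.
    if ($limitrow === false || $limitrow < 1 || $limitrow > 200) {
        $limitrow = $defaultRows;
    }
    return [$limit, $limitrow];
}

/**
 * Run the SELECT with the LIMIT values bound as integer parameters.
 * $qstr and $fromWhere must be built from application constants only;
 * any request parameter that feeds them needs the same validation.
 */
function fetchPage(mysqli $db, string $qstr, string $fromWhere, int $limit, int $limitrow): array
{
    $sql  = "SELECT " . $qstr . $fromWhere . " LIMIT ?, ?";
    $stmt = $db->prepare($sql);
    if ($stmt === false) {
        throw new RuntimeException("prepare failed: " . $db->error);
    }
    $stmt->bind_param('ii', $limit, $limitrow);   // 'ii': two integer placeholders
    $stmt->execute();
    $rows = $stmt->get_result()->fetch_all(MYSQLI_ASSOC);
    $stmt->close();
    return $rows;
}

// Usage in cal_cat.php, replacing the concatenation in the original snippet:
// [$limit, $limitrow] = pagingParams($_GET, $totalrows);
// $rows = fetchPage($db, $qstr, $query, $limit, $limitrow);
```

MySQL accepts placeholders in a LIMIT clause of a server-side prepared statement, so the integer binding is sufficient on its own; the filter_var step is kept as defence in depth and to preserve the original reset-to-zero behaviour. The other parameters in the demo URL (id, year, sort, catmonth, catview) should be validated the same way wherever they enter $query, which the advisory does not describe.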
With R3gards,  
SixP4ck3r from Bolivia  
___eof____  
  
`