===============================================================================
Calendarix (cal_cat.php) SQL Injection Vulnerability
===============================================================================

Author       : SixP4ck3r
Email & msn  : SixP4ck3r@Bolivia.com
Date         : 17 July 2010
Critical Lvl : High
Impact       : Exposure of sensitive information
Where        : From Remote
Web          : http://foro.nbsecurity.net/
Credits      : Diablada and Caporal are Bolivian
Dork         : inurl:cal_cat.php?op=

---------------------------------------------------------------------------

[Software affected info]

Calendarix is a web-based events manager written in PHP; it requires MySQL as its database.

[Download]

http://www.calendarix.com/

[Affected versions]

All + 0 day

---------------------------------------------------------------------------

[Bug]

The offset taken from the "limit" request parameter is concatenated straight into the query string; the comparison against $totalrows is a bounds check, not a sanitiser, so a non-numeric value reaches mysql_query() unchanged.

    if ($limit>$totalrows) $limit = 0 ;
    $query .= " LIMIT ".$limit.",".$limitrow ;
    $query = "select ".$qstr.$query ;
    // echo "<h4>".$query."</h4>";
    $result = mysql_query($query);
    $rowname = mysql_fetch_object($result);
    $rows = mysql_num_rows($result);

---------------------------------------------------------------------------

[Exploiting..demo]

http://example/[path]/calendar/cal_cat.php?op=cat&id=1&year=2010&sort=&catmonth=6&catview=0&limit=[SQL]

---------------------------------------------------------------------------

With R3gards,
SixP4ck3r from Bolivia

___eof____
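A hardened version of the LIMIT construction from the [Bug] section, added here as an example and not Calendarix's own code: it validates the offset as a non-negative integer and binds both LIMIT values as parameters instead of concatenating them. The table name cal_event, the column cal_cat_id and the PDO handle $pdo are assumptions; the original $qstr select list and WHERE clause are not reproduced.

```php
<?php
// Added example, not Calendarix code. Assumes a PDO connection in $pdo and a
// hypothetical table "cal_event" with a column "cal_cat_id".

function safe_limit_offset($raw, int $totalrows): int
{
    // Accept only a plain non-negative integer. The original
    // "$limit > $totalrows" test is a bounds check, not a sanitiser: a
    // non-numeric string passes it and is concatenated into the query.
    $n = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 0]]);
    if ($n === false || $n > $totalrows) {
        return 0;
    }
    return $n;
}

function fetch_category_page(PDO $pdo, int $category_id, $raw_limit,
                             int $limitrow, int $totalrows): array
{
    $offset   = safe_limit_offset($raw_limit, $totalrows);
    $pagesize = max(1, min($limitrow, 100)); // hard cap on page size

    // LIMIT operands must not be sent as quoted strings, so bind them as
    // integers with emulated prepares off; the SQL text holds no user input.
    $pdo->setAttribute(PDO::ATTR_EMULATE_PREPARES, false);
    $stmt = $pdo->prepare(
        'SELECT * FROM cal_event WHERE cal_cat_id = :cat LIMIT :off, :cnt'
    );
    $stmt->bindValue(':cat', $category_id, PDO::PARAM_INT);
    $stmt->bindValue(':off', $offset, PDO::PARAM_INT);
    $stmt->bindValue(':cnt', $pagesize, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage: request parameters arrive as strings. Any value that is not a
// bare integer collapses to offset 0 before it can reach the query.
// $rows = fetch_category_page($pdo, (int)($_GET['id'] ?? 0),
//                             $_GET['limit'] ?? 0, 10, $totalrows);
```

The same input validation applies to $limitrow and every other parameter that ends up inside the query; a WAF or log rule matching non-numeric "limit" values on cal_cat.php is a reasonable detection for attempts against unpatched installs.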