SecurityTracker.com
SecurityTracker
Archives
Category:   Application (Calendar)  >   BosDates
Vendors:   BosDev, Inc.
BosDates 'calendar_download.php' Input Validation Flaw Lets Remote Users Inject SQL Commands
SecurityTracker Alert ID:  1009016
SecurityTracker URL:  http://securitytracker.com/id/1009016
CVE Reference:   GENERIC-MAP-NOMATCH   (Links to External Site)
Date:  Feb 11 2004
Impact:   Disclosure of user information, Execution of arbitrary code via network
Fix Available:  Yes
Vendor Confirmed:  Yes
Exploit Included:  Yes

Description:   G00db0y from Zone-h Security Labs reported a vulnerability in BosDates. A remote user can inject SQL commands to obtain potentially sensitive information.

It is reported that the 'calendar_download.php' script does not properly validate user-supplied input in the 'calendar' parameter. A remote user can create a specially crafted URL to influence the SQL query logic and obtain potentially sensitive information from the database.

A demonstration exploit URL is provided:

http://[target]/directory/calendar_download.php?calendar=[query]

The original advisory is available at:

http://www.zone-h.org/en/advisories/read/id=3925/

Impact:   A remote user can inject SQL commands to obtain information from the database.
Solution:   The vendor has reportedly issued a fix.

[Editor's note: The report did not indicate what the fixed version number is.]

Vendor URL:  www.bosdev.com/bosdates/ (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  ZH2004-05SA (security advisory): SQL Injection Vulnerability in BosDates


ZH2004-05SA (security advisory): SQL Injection Vulnerability in BosDates

Published: 11 February 2004

Released: 11 February 2004

Name: BosDates

Affected Systems: current and prior versions

Issue: SQL Injection Vulnerability

Author: G00db0y from Zone-h Security Labs - zetalabs@zone-h.org

Vendor: http://www.bosdev.com

Description

***********

Zone-h Security Team has discovered a flaw in BosDates. The current version (and prior
versions) of BosDates contains a vulnerability that allows an attacker to disclose
sensitive information that could then be used to gain unauthorized access.
"BosDates is hands-down the MOST feature packed calendar on the market today. The BosDates 
calendar system is the best full featured calendar system on the market today at half the 
price of our competitors!"
Details

*******


The problem exists because user-supplied data in the 'calendar' parameter is not sufficiently
sanitized before it reaches the database. A remote attacker may exploit this issue to
influence SQL query logic and disclose sensitive information that could be used to gain
unauthorized access.


For example, try this:

http://www.site.com/directory/calendar_download.php?calendar=[query]
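The advisory names the flawed script and parameter but shows no code. The following Python sketch is an added example, not BosDates code and not the vendor's patch; it models the flaw generically against a constructed calendars table so it runs offline with the standard library. The same handler is written twice: once building the query by concatenating the raw 'calendar' value (the pattern the advisory describes), and once validating the value's shape and binding it as a parameter. A generic tautology in the concatenated version pulls back a row that should never be visible, while the hardened version rejects the same input before it reaches the database.

```python
import sqlite3


def make_db():
    """Constructed sample data standing in for a calendar table; not BosDates' real schema."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE calendars (id INTEGER PRIMARY KEY, name TEXT, is_public INTEGER)"
    )
    conn.executemany(
        "INSERT INTO calendars VALUES (?, ?, ?)",
        [(1, "Public events", 1), (2, "Staff schedule", 0)],  # row 2 must stay private
    )
    return conn


def download_vulnerable(conn, calendar):
    """The flawed pattern: the request parameter becomes part of the SQL text itself."""
    sql = "SELECT id, name FROM calendars WHERE is_public = 1 AND id = " + calendar
    return conn.execute(sql).fetchall()


def download_fixed(conn, calendar):
    """Hardened handler: check the parameter's shape, then bind it so it is data, not SQL."""
    if not calendar.isdigit():
        raise ValueError("calendar must be a numeric id")
    sql = "SELECT id, name FROM calendars WHERE is_public = 1 AND id = ?"
    return conn.execute(sql, (int(calendar),)).fetchall()


def fixed_rejects(conn, calendar):
    """True when the hardened handler refuses the input (what a 400 response would signal)."""
    try:
        download_fixed(conn, calendar)
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    db = make_db()
    benign, crafted = "1", "1 OR 1=1"  # crafted value is a generic tautology, constructed here
    print("vulnerable, benign: ", download_vulnerable(db, benign))
    print("vulnerable, crafted:", download_vulnerable(db, crafted))  # private row leaks
    print("fixed, benign:      ", download_fixed(db, benign))
    print("fixed, crafted rejected:", fixed_rejects(db, crafted))
```

Binding alone already stops the query logic from changing, because the driver never parses the bound value as SQL; the `isdigit()` check in front of it is defence in depth and gives the application a clean rejection to log. That rejection is also the useful detection signal for a parameter like this one: a numeric id parameter arriving with spaces, quotes or keywords in it is worth alerting on in web server or application logs.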

Solution:

*********

The vendor has been contacted and a patch was produced.

Original advisory:

******************

http://www.zone-h.org/en/advisories/read/id=3925/

G00db0y from Zone-h Security Labs - zetalabs@zone-h.org
Copyright 2019, SecurityGlobal.net LLC