SecurityTracker.com
SecurityTracker Archives

Category:   Application (Calendar)  >   PHP Event Calendar
Vendors:   codewalkers.com
PHP Event Calendar (ltwCalendar) Missing Input Validation in 'id' Parameter Permits SQL Injection Attacks
SecurityTracker Alert ID:  1016364
SecurityTracker URL:  http://securitytracker.com/id/1016364
CVE Reference:   CVE-2005-4011
Updated:  Jun 29 2006
Original Entry Date:  Jun 23 2006
Impact:   Disclosure of system information, Disclosure of user information, User access via network

Version(s): 4.2
Description:   A vulnerability was reported in PHP Event Calendar. A remote user can inject SQL commands.

The 'calendar.php' script does not properly validate user-supplied input in the 'id' parameter. A remote user can supply a specially crafted parameter value to execute SQL commands on the underlying database.

A demonstration exploit URL is of the following form:

/calendar.php?display=event&id=[SQL]
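The flaw class in plain terms, as an added example that is not part of this advisory or of ltwCalendar's own code: a Python script that reproduces the vulnerable pattern (the 'id' value spliced into the SQL text), the hardened form (allow-list validation plus a bound parameter), and an access-log check a defender can run while no vendor fix is available. The events/users schema, the password hash, the function names and the log lines are constructed stand-ins; the page does not describe ltwCalendar's real tables or columns.

```python
import re
import sqlite3
from urllib.parse import parse_qs, urlsplit

# Assumed stand-in schema: the page does not describe ltwCalendar's real tables,
# so 'events', 'users' and their columns are illustration-only constructs.
def build_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        """
        CREATE TABLE events (id INTEGER PRIMARY KEY, title TEXT, descr TEXT);
        CREATE TABLE users  (id INTEGER PRIMARY KEY, username TEXT, pwhash TEXT);
        INSERT INTO events VALUES (1, 'Team meeting', 'Weekly sync');
        INSERT INTO events VALUES (2, 'Release', 'Ship 4.2');
        INSERT INTO users  VALUES (1, 'admin', '5f4dcc3b5aa765d61d8327deb882cf99');
        """
    )
    return conn


def fetch_event_vulnerable(conn: sqlite3.Connection, raw_id: str) -> list:
    # The flaw class on this page: the request parameter becomes SQL text, so
    # whoever controls 'id' controls the rest of the statement.
    sql = "SELECT title, descr FROM events WHERE id = " + raw_id
    return conn.execute(sql).fetchall()


# Allow-list: an event id is a short run of ASCII decimal digits, nothing else.
EVENT_ID_RE = re.compile(r"[0-9]{1,10}")


def parse_event_id(raw_id: str) -> int:
    # fullmatch rejects spaces, quotes, SQL keywords and the non-ASCII digits
    # that str.isdigit() would let through.
    if not EVENT_ID_RE.fullmatch(raw_id):
        raise ValueError(f"invalid event id: {raw_id!r}")
    return int(raw_id)


def fetch_event_safe(conn: sqlite3.Connection, raw_id: str) -> list:
    # Validation plus a bound parameter: the driver never sees the value as SQL.
    event_id = parse_event_id(raw_id)
    return conn.execute(
        "SELECT title, descr FROM events WHERE id = ?", (event_id,)
    ).fetchall()


# --- Log check for defenders while no vendor fix is available ----------------

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')


def suspicious_event_request(target: str) -> bool:
    # True for a calendar.php event request whose 'id' is not a plain integer,
    # i.e. the shape of the demonstration URL above with [SQL] filled in.
    url = urlsplit(target)
    if not url.path.endswith("calendar.php"):
        return False
    params = parse_qs(url.query, keep_blank_values=True)
    if params.get("display") != ["event"] or "id" not in params:
        return False
    return not all(EVENT_ID_RE.fullmatch(v) for v in params["id"])


def flag_log_lines(lines) -> list:
    # Returns the request targets of access-log lines that look like probes.
    flagged = []
    for line in lines:
        match = REQUEST_RE.search(line)
        if match and suspicious_event_request(match.group(1)):
            flagged.append(match.group(1))
    return flagged


# Constructed access-log lines (Combined Log Format); not real traffic.
SAMPLE_LOG = [
    '10.0.0.5 - - [23/Jun/2006:10:11:12 +0000] "GET /calendar.php?display=event&id=7 HTTP/1.1" 200 512',
    '10.0.0.9 - - [23/Jun/2006:10:12:03 +0000] "GET /calendar.php?display=event'
    '&id=0%20UNION%20SELECT%20username,pwhash%20FROM%20users HTTP/1.1" 200 611',
    '10.0.0.9 - - [23/Jun/2006:10:12:40 +0000] "GET /calendar.php?display=month HTTP/1.1" 200 2048',
]

if __name__ == "__main__":
    db = build_db()
    payload = "0 UNION SELECT username, pwhash FROM users"
    print("vulnerable:", fetch_event_vulnerable(db, payload))
    try:
        fetch_event_safe(db, payload)
    except ValueError as exc:
        print("hardened:", exc)
    print("flagged:", flag_log_lines(SAMPLE_LOG))
```

The vulnerable query returns the users row for the UNION payload, which is the "disclosure of user information" impact listed above; the hardened query raises before any SQL runs. The log check only looks at the id's shape, so it also catches probes that use keywords the regex-based signatures of the day did not know about.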

Silitix reported this vulnerability.

This product is also called 'ltwCalendar'.

[Editor's note: This vulnerability was originally reported by r0t in November 2005 as affecting ltwCalendar version 4.1.3 (see CVE-2005-4011).]

Impact:   A remote user can execute SQL commands on the underlying database.
Solution:   No solution was available at the time of this entry.
Vendor URL:  calendar.codewalkers.com/
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.


 Source Message Contents

Subject:  [Full-disclosure] Calendar ( Provided by Codewalkers ) - SQL

[P]roduct : Calendar
            Provided by Codewalkers

Official [S]ite : http://Calendar.codewalkers.com

[V]ulnerability : SQL Injection

[E]xploitation : /calendar.php?display=event&id=[SQL]

[C]redit : Silitix - www.Silitix.com

Original security [A]dvisory : www.Silitix.com/calendar-cws.php

[G]reetz : Simo64 / MSRT / VeNoM630 / CrAsH_oVeR_rIdE ... :)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


Copyright 2019, SecurityGlobal.net LLC