by r0t, der4444, cembo, VietMafia

Tuesday, November 29, 2005

88Script's Event Calendar v2.0 SQL inj. vuln.

Vuln. discovered by: r0t
Date: 29 Nov. 2005
Vendor: http://www.88scripts.com/
Affected versions: v2.0 and prior

Product Description:
A simple yet elegant event calendar. Easy to use and simple to configure. Makes event recording and display such a simple task. Bug fix on event search, also added a way to delete event. Version 2.0 includes an admin section to enable or disable HTML entries. Also you have an option to set the calendar to be public or private. Event queueing is also incorporated where event listings need approval before appearing on the calendar.

Vuln. description:
Input passed to the "m" parameter of index.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate the query by injecting arbitrary SQL code.

example:
/index.php?d=28&m=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised: cast the "d" and "m" parameters to integers (or reject any value that is not a number in the expected range) before they reach the query, or use a parameterised query instead of building the SQL string from request values.
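The following is an added example, not code from 88Script's Event Calendar or from the advisory: it models the pattern described above (a day and month taken from the request and pasted into a SQL string) against a constructed in-memory SQLite table, and places the hardened lookup beside it. The table layout, column names, the "approved" flag, and the sample rows are assumptions made for the illustration; the real script's query is not shown on this page. The same fix applies to the PHP/MySQL original: validate the numbers, then bind them.

```python
import re
import sqlite3

# Constructed sample schema and data (assumption: the real calendar's table
# layout is not known from the advisory). The "approved" column stands in for
# the event-queueing feature mentioned in the product description.
def setup_db():
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE events (id INTEGER PRIMARY KEY, title TEXT, "
        "day INTEGER, month INTEGER, approved INTEGER)"
    )
    conn.executemany(
        "INSERT INTO events (title, day, month, approved) VALUES (?, ?, ?, ?)",
        [
            ("Team meeting", 28, 11, 1),
            ("Release party", 28, 11, 0),  # queued, not yet approved
            ("Holiday", 25, 12, 1),
        ],
    )
    return conn


def vulnerable_lookup(conn, d, m):
    """Vulnerable pattern: request values concatenated into the SQL string."""
    sql = (
        f"SELECT title FROM events WHERE day = {d} AND month = {m} "
        f"AND approved = 1 ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql)]


def safe_lookup(conn, d, m):
    """Hardened pattern: validate d and m as small integers, then bind them."""
    if not (re.fullmatch(r"\d{1,2}", d) and re.fullmatch(r"\d{1,2}", m)):
        raise ValueError("d and m must be numeric")
    day, month = int(d), int(m)
    if not (1 <= day <= 31 and 1 <= month <= 12):
        raise ValueError("d or m out of range")
    sql = (
        "SELECT title FROM events WHERE day = ? AND month = ? "
        "AND approved = 1 ORDER BY id"
    )
    return [row[0] for row in conn.execute(sql, (day, month))]


if __name__ == "__main__":
    db = setup_db()
    # Normal request: /index.php?d=28&m=11
    print(vulnerable_lookup(db, "28", "11"))
    # Injected month: /index.php?d=28&m=11 OR 1=1 --
    # The comment marker removes the "approved = 1" filter, so the
    # unapproved queued event is returned as well.
    print(vulnerable_lookup(db, "28", "11 OR 1=1 --"))
    print(safe_lookup(db, "28", "11"))
    try:
        safe_lookup(db, "28", "11 OR 1=1 --")
    except ValueError as e:
        print("rejected:", e)
```

The injected value works because "--" comments out the rest of the statement, including the approval filter; rejecting anything that is not a one- or two-digit number closes that path regardless of what the query looks like, and binding the values means the database never sees the parameters as SQL.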

Copyright (c) 2006 Pridels Sec Crew