by r0t, der4444, cembo, VietMafia

Saturday, November 26, 2005

BosDates v4.0 SQL vuln

Vuln. discovered by: r0t
Date: 26 Nov. 2005
Vendor: http://www.bosdev.com/bosdates/
Affected version: BosDates v4.0 and prior


Product description:

The BosDates event calendar is a flexible calendar system which allows for multiple calendars, email notifications, repeating events and much more. All of which are easily maintained by even the least technical users.
The BosDates event calendar system allows your visitors to interact with your site on a whole new level. And we all know that interactive websites keep their visitors coming back on a regular basis.
With BosDates you can create unlimited calendars easily, assign calendars to non-technical users, inform target audiences of events that interest them and publish your events worldwide.
The BosDates calendar system is the best full-featured calendar system on the market today at half the price of our competitors!

Vuln. Description:

Input passed to the "year" and "category" parameters of calendar.php isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Note that "year" is a numeric value, so it is most likely placed in the query without surrounding quotes; a payload for that parameter does not need a quote character to break out of a string.


Example:
/calendar.php?type=day&calendar=&category=&day=25&month=11&year=[SQL]
/calendar.php?type=day&calendar=&category=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised: cast the numeric parameters (year, month, day) to integers before they reach the query, and pass the string parameter (category) to the database through a prepared statement or, at minimum, through the database driver's escaping function. Escaping alone does not protect the unquoted numeric "year" parameter, because there is no quote for the escaping to neutralise.
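The following is an added illustration, not code from BosDates or from the advisory author. It models the query pattern the advisory describes in Python with an in-memory SQLite table (the real product is PHP, and the table layout, column names and sample rows below are assumptions), shows how a payload in the unquoted "year" parameter and a payload in the quoted "category" parameter each change the result set, and places the fixed form of the same lookup beside it.

```python
import sqlite3

# Constructed sample rows standing in for a BosDates-style events table.
# The column layout is an assumption: the advisory does not show the schema.
SAMPLE_EVENTS = [
    (1, "Team meeting", "work", 2005, 11, 25),
    (2, "Dentist", "private", 2005, 11, 25),
    (3, "Release party", "work", 2005, 12, 2),
    (4, "Board review", "confidential", 2006, 1, 10),
]


def make_db():
    """Return an in-memory SQLite database holding the constructed rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE events (id INTEGER, title TEXT, category TEXT, "
        "year INTEGER, month INTEGER, day INTEGER)"
    )
    conn.executemany("INSERT INTO events VALUES (?, ?, ?, ?, ?, ?)", SAMPLE_EVENTS)
    return conn


def vulnerable_day_query(conn, category, day, month, year):
    """The pattern the advisory describes: request parameters are pasted
    straight into the SQL text. 'category' sits inside quotes, 'year' does
    not, so each needs a slightly different payload (see __main__ below)."""
    sql = (
        "SELECT id, title FROM events WHERE category = '" + category + "' "
        "AND day = " + day + " AND month = " + month + " AND year = " + year
        + " ORDER BY id"
    )
    return conn.execute(sql).fetchall()


def hardened_day_query(conn, category, day, month, year):
    """Same lookup, fixed: numeric parameters are converted to int (anything
    else is rejected) and every value is bound as a parameter, so no input
    can change the structure of the statement."""
    try:
        day_i, month_i, year_i = int(day), int(month), int(year)
    except ValueError as exc:
        raise ValueError("day, month and year must be integers") from exc
    sql = (
        "SELECT id, title FROM events WHERE category = ? "
        "AND day = ? AND month = ? AND year = ? ORDER BY id"
    )
    return conn.execute(sql, (category, day_i, month_i, year_i)).fetchall()


if __name__ == "__main__":
    db = make_db()
    # Legitimate request: exactly one matching event.
    print("legit   :", vulnerable_day_query(db, "work", "25", "11", "2005"))
    # Unquoted numeric context: no quote needed, 'OR 1=1' returns every row.
    print("year    :", vulnerable_day_query(db, "", "25", "11", "2005 OR 1=1"))
    # Quoted string context: close the quote, then comment out the rest.
    print("category:", vulnerable_day_query(db, "' OR 1=1 --", "25", "11", "2005"))
    # Hardened form: the payload is just a category name that matches nothing.
    print("fixed   :", hardened_day_query(db, "' OR 1=1 --", "25", "11", "2005"))
```

In the PHP application the equivalents are an integer cast such as `(int)$_GET['year']` for the numeric parameters and a prepared statement (mysqli or PDO) for the string ones. The `year` case is the one worth remembering: `mysql_real_escape_string()` on its own leaves `2005 OR 1=1` untouched, because there is no quote in the payload to escape.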

2 Comments:

Anonymous BosDev told...

BosDev has now released a fix for this issue.

5:07 PM

 
Anonymous r0t told...

It's nice to hear that you released a fix!

7:43 PM

 


 
Copyright (c) 2006 Pridels Sec Crew