by r0t,der4444,cembo,VietMafia

Tuesday, November 29, 2005

Jax Calendar 1.34 vuln.

Jax Calendar 1.34 vuln.
Vuln. dicovered by : r0t
Date: 29 nov. 2005
Vendor:http://www.jtr.de/scripting/php/calendar/index_eng.html
affected version:1.34 and prior

Product Description:
Jax Calendar is an online calendar management tool that supports multiple data sources (MySQL AND/OR CSV textfile chooseable), different languages (currently English, German, Hungarian), different views (day, month, year), easy to customize via CSS, user-friendly admin frontend and detailed installation manual.

Vuln. description:
Input passed to the "cal_id" parameter isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

example:
/jax_calendar.php?Y=2005&m=11&d=15&cal_id=[SQL]

also Input passed to the "Y" and "m" parameters isn't properly sanitised before being used in a SQL query. As i tested i got system overload.. So i cant say directly wich kind of attack can be used.

Solution:
Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew