|
Jax Calendar 1.34 vuln.
Vuln. dicovered by : r0t
Date: 29 nov. 2005
Orginal advisory:http://pridels.blogspot.com/2005/11/jax-calendar-134-vuln.html
Vendor:http://www.jtr.de/scripting/php/calendar/index_eng.html
affected version:1.34 and prior
Product Description:
Jax Calendar is an online calendar management tool that supports
multiple data sources (MySQL AND/OR CSV textfile chooseable),
different languages (currently English, German, Hungarian), different
views (day, month, year), easy to customize via CSS, user-friendly
admin frontend and detailed installation manual.
Vuln. description:
Input passed to the "cal_id" parameter isn't properly sanitised
before being used in a SQL query. This can be exploited to manipulate
SQL queries by injecting arbitrary SQL code.
example:
/jax_calendar.php?Y=2005&m=11&d=15&cal_id=[SQL]
also Input passed to the "Y" and "m" parameters isn't properly
sanitised before being used in a SQL query. As i tested i got system
overload.. So i cant say directly wich kind of attack can be used.
Solution:
Edit the source code to ensure that input is properly sanitised.
|
