Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Web Calendar Pro - Denial of Service SQL Injection Vulnerability

From: Scott Dewey <wr0ck.lists () gmail com>
Date: Wed, 15 Feb 2006 20:51:59 -0500
=======================================================================================
XOR Crew :: Security Advisory                                         
       1/12/2006
=======================================================================================
Web Calendar Pro - Denial of Service SQL injection (lame)
=======================================================================================
http://www.xorcrew.net/
=======================================================================================

:: Summary

      Vendor       :  MitriDAT
      Vendor Site  :  http://www.web-calendar-pro.com/
      Product(s)   :  Web Calendar Pro
      Version(s)   :  All
      Severity     :  Low/Medium
      Impact       :  Denial of Service
      Release Date :  1/12/2006
      Credits      :  ReZEN (rezen (a) xorcrew (.) net)

=======================================================================================

I. Description

Web Calendar Pro is a powerful yet easy to use multi-language calendar
system for
your website or your personal planning needs. This product can support unlimited
amount of web calendars, each of those can have its own settings. With
Web Calendar
Pro you could handle a big public schedule for publishing events on
your site, with
several users granted different rights for managing this calendar
events and unlimited
amount of subscribers, private calendar for managing your own tasks,
or just a mini
calendar to add more interactivity to your web site.

=======================================================================================

II. Synopsis

There is an unsanitized $tabls variable that allows for SQL injection
in to the DROP
query from the dropbase.php file.  This causes the script to become
un-opperational
until the table has been fixed or until the application has been
reinstalled.  The vendor
has been made aware of this situation and has fixed the issue.  Please
upgrade to the
latest version.

Example:

http://www.site.com/pathtocalendar/dropbase.php?tabls=&apos; or 1=1 --

=======================================================================================

IV. Greets :>

All of xor, Infinity, stokhli, ajax, gml, cijfer, my beautiful girlfriend.

=======================================================================================

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: