Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

[HSC Security Group] ASP Inline Corporate Calendar SQL injection

From: Zinho <zinho () hackerscenter com>
Date: 3 May 2005 16:39:32 -0000


Hackers Center Security Group (http://www.hackerscenter.com/)         
Zinho's Security Advisory          

Desc: SQL injection : ASP Inline Corporate Calendar
Risk: Medium

The Corporate Calendar is a nice asp script to manage a calendar shared by users. It has been downloaded by thousands 
people, and it is considered one of the most successful asp script at hotscripts.com

Multiple sql injections affect ASP Inline Corporate Calendar:

POC:

Calendar/defer.asp?Event_ID='&Occurr_ID=0
or
Calendar/details.asp?Event_ID='


Vendor has been contacted 10 days ago. Noone replied. 



Author:          
Zinho is webmaster and founder of http://www.hackerscenter.com ,       
Security research   portal        
Secure Web Hosting Companies Reviewed:       
http://www.securityforge.com/web-hosting/secure-web-hosting.asp       

zinho-no-spam @ hackerscenter.com
Previous By Date Next
Previous By Thread Next

Current thread: