This exploit targets the ColdCalender v2.06 application, specifically the index.cfm file which is vulnerable to SQL Injection. The exploit assumes that the target has a MSSQL backend. It allows an attacker to execute arbitrary SQL queries and retrieve sensitive information from the database. The exploit also identifies the version of the database, the hostname, the database user, and the database name.
This exploit is a Remote Blind SQL Injection exploit for ColdGen - coldusergroup v1.06. It uses parameters ArticleID & LibraryID to exploit the vulnerability. It also has XSS in the search.
ColdGen's coldbookmarks v1.22 is vulnerable to a remote SQL injection vulnerability. This vulnerability allows an attacker to inject arbitrary SQL code into the application. This can be exploited to gain access to the database and potentially gain access to sensitive information.
ColdGen's coldofficeview v2.04 is vulnerable to Remote Blind SQL Injection. This vulnerability can be exploited by sending a maliciously crafted HTTP request to the vulnerable application. The PoC's provided demonstrate how an attacker can use the EventID and UserID parameters to inject malicious SQL code into the application.
Services By CQR