TUCoPS :: Web :: Apps :: b06-3064.htm

Calendarix 0.7.20060401, SQL Injection Vulnerabilities
Calendarix 0.7.20060401, SQL Injection Vulnerabilities
Calendarix 0.7.20060401, SQL Injection Vulnerabilities



-----------------------------------------------------
Advisory id: FSA:018

Author:    Federico Fazzi
Date:	   15/06/2006, 23:36
Sinthesis: Calendarix 0.7.20060401, SQL Injection Vulnerabilities
Type:	   low
Product: http://www.calendarix.com/ 
Patch:	   unavailable
-----------------------------------------------------


1) Description:


Error occured in cal_event.php:

$dquery = "delete from ".$EVENTS_TB." where id='$id'";

Error occured in cal_popup.php:

$id = $_GET['id'];

2) Proof of concept:

http://example/[c_path]/cal_event.php?id=[SQL_QUERY] 
http://example/[c_path]/cal_popup.php?id=[SQL_QUERY] 

3) Solution:

on cal_event.php sanitized $id variable,
on cal_popup.php don't use $_GET['id'] to assign a value.

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH