ASP Inline Corporate Calendar is susceptible to a SQL injection vulnerability.
5ba799d0d46135bed045937cc3a0414d1df63c9d205b8878fcfc7a03a2042adc--Alt-Boundary-17597.19317787
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Hackers Center Security Group (https://www.hackerscenter.com/)
Zinho's Security Advisory
Desc: SQL injection : ASP Inline Corporate Calendar
Risk: Medium
The Corporate Calendar is a nice asp script to manage a calendar
shared by users. It has been downloaded by thousands people, and it is
considered one of the most successful asp script at hotscripts.com
Multiple sql injections affect ASP Inline Corporate Calendar:
POC:
Calendar/defer.asp?Event_ID='&Occurr_ID=0
or
Calendar/details.asp?Event_ID='
Vendor has been contacted 10 days ago. Noone replied.
Author:
Zinho is webmaster and founder of https://www.hackerscenter.com ,
Security research portal
Secure Web Hosting Companies Reviewed:
https://www.securityforge.com/web-hosting/secure-web-hosting.asp
zinho-no-spam @ hackerscenter.com
====>
Webmaster of
.:[ Hackers Center : Internet Security Portal]:.
https://www.hackerscenter.com
https://www.securityforge.com/web-hosting
--Alt-Boundary-17597.19317787
Content-type: text/html; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
<?xml version="1.0" ?><html>
<head>
<title></title>
</head>
<body>
<div align="left"><font face="Arial"><span style="font-size:10pt">Hackers Center Security Group (</span></font><font face="Arial" color="#008000"><span style="font-size:10pt"><u>https://www.hackerscenter.com/</u></span></font><font
face="Arial"><span style="font-size:10pt">) </span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Zinho's Security Advisory </span></font></div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Desc: SQL injection : ASP Inline Corporate Calendar</span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Risk: Medium</span></font></div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">The Corporate Calendar is a nice asp script to manage a calendar
shared by users. It has been downloaded by thousands people, and it is
considered one of the most successful asp script at hotscripts.com</span></font></div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Multiple sql injections affect ASP Inline Corporate Calendar:</span></font></div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">POC:</span></font></div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Calendar/defer.asp?Event_ID='&Occurr_ID=0</span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">or</span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Calendar/details.asp?Event_ID='</span></font></div>
<div align="left"><br/>
</div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Vendor has been contacted 10 days ago. Noone replied. </span></font></div>
<div align="left"><br/>
</div>
<div align="left"><br/>
</div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Author: </span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Zinho is webmaster and founder of </span></font><font face="Arial" color="#008000"><span style="font-size:10pt"><u>https://www.hackerscenter.com</u></span></font><font
face="Arial"><span style="font-size:10pt"> , </span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Security research portal </span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Secure Web Hosting Companies Reviewed: </span></font></div>
<div align="left"><font face="Arial" color="#008000"><span style="font-size:10pt"><u>https://www.securityforge.com/web-hosting/secure-web-hosting.asp</u></span></font><font face="Arial"><span
style="font-size:10pt"> </span></font></div>
<div align="left"><br/></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">zinho-no-spam @ hackerscenter.com </span></font></div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">====></span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Webmaster of</span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">.:[ Hackers Center : Internet Security Portal]:.</span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">https://www.hackerscenter.com</span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">https://www.securityforge.com/web-hosting</span></font></div>
<div align="left"><br/>
</div>
<div align="left"></div>
</body>
</html>
--Alt-Boundary-17597.19317787--
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed