Tuesday, 28 May 2013

ExtCalendar 2 SQL Injection Vulnerability


Assalamualaikum and greetings. Today I want to teach a SQL injection exploit. This exploit is actually old, but new websites are still using the ExtCalendar 2 web app, so there are still plenty of affected websites, hehe.

OK, let's start.

1. Find websites with the Google dork:
inurl:calendar.php?mode=cat

"ExtCalendar 2"

2. Pick one of the websites. Vulnerable URL:

http://www.site.com/[PATH]/calendar.php?mode=cat&cat_id=[SQLi]


3. You can inject manually or use Havij.

4. Once you have injected successfully, the login page is:

http://www.site.com/[PATH]/login.php


After logging in, edit an event and put in your HTML code! Done!

Live sites:


http://www.el-eaga.com/calendar/calendar.php?mode=cat&cat_id=2
http://www.notebox.ca/ggmss/calander/calendar.php?mode=cat&cat_id=6
http://fassurvival.com/calendar/calendar.php?mode=cat&cat_id=2

Many more on Google :P
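
For site owners running ExtCalendar 2, the requests described in steps 2 and 4 leave a recognisable trail in web server access logs. The following Python is an added example, not code from the original post or from ExtCalendar: it flags `calendar.php?mode=cat` requests whose `cat_id` is not a single plain integer and records whether the same client later requests `login.php`. The log lines, IP addresses and the function names `bad_cat_id` and `triage` are constructed for illustration; it assumes combined-format access logs and that legitimate `cat_id` values are integers, as in the URLs listed above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (combined-log style); IPs are documentation ranges.
SAMPLE_LOG = """\
203.0.113.5 - - [28/May/2013:10:01:02 +0000] "GET /calendar/calendar.php?mode=cat&cat_id=2 HTTP/1.1" 200 5120
203.0.113.9 - - [28/May/2013:10:01:40 +0000] "GET /calendar/calendar.php?mode=cat&cat_id=2%27 HTTP/1.1" 200 312
203.0.113.9 - - [28/May/2013:10:01:44 +0000] "GET /calendar/calendar.php?mode=cat&cat_id=2+OR+1%3D1 HTTP/1.1" 200 9044
198.51.100.7 - - [28/May/2013:10:02:10 +0000] "GET /calendar/calendar.php?mode=day&date=2013-05-28 HTTP/1.1" 200 4100
203.0.113.9 - - [28/May/2013:10:03:00 +0000] "POST /calendar/login.php HTTP/1.1" 302 0
198.51.100.7 - - [28/May/2013:10:04:00 +0000] "POST /calendar/login.php HTTP/1.1" 302 0
"""

# client IP and request target from one log line
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" \d{3} ')
INT_RE = re.compile(r"\d{1,10}")  # assumption: a valid category id is a short integer


def bad_cat_id(target):
    """Return offending cat_id values for a calendar.php?mode=cat request, else []."""
    url = urlsplit(target)
    params = parse_qs(url.query, keep_blank_values=True)  # URL-decodes %27, + etc.
    if not url.path.endswith("/calendar.php") or params.get("mode") != ["cat"]:
        return []
    values = params.get("cat_id", [])
    if len(values) > 1:  # a repeated parameter is also abnormal
        return values
    return [v for v in values if not INT_RE.fullmatch(v)]


def triage(log_text):
    """Map client IP -> {'bad': [decoded values], 'login_after': bool}."""
    report = {}
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, target = m.groups()
        bad = bad_cat_id(target)
        if bad:
            report.setdefault(ip, {"bad": [], "login_after": False})["bad"].extend(bad)
        elif ip in report and urlsplit(target).path.endswith("/login.php"):
            report[ip]["login_after"] = True  # login attempt after tampering
    return report


if __name__ == "__main__":
    for ip, info in triage(SAMPLE_LOG).items():
        print(ip, info)
```

A client flagged with `login_after` set deserves a check of the calendar's admin accounts and recently edited events, since the post describes editing events after logging in.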

Item Reviewed: ExtCalendar 2 SQL Injection Vulnerability Description: Rating: 5 Reviewed By Afif Zafri

© 2011 - Reaperz All rights reserved