--Alt-Boundary-17597.19317787
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body

Hackers Center Security Group (http://www.hackerscenter.com/)         
Zinho's Security Advisory          

Desc: SQL injection : ASP Inline Corporate Calendar
Risk: Medium

The Corporate Calendar is a nice asp script to manage a calendar 
shared by users. It has been downloaded by thousands people, and it is 
considered one of the most successful asp script at hotscripts.com

Multiple sql injections affect ASP Inline Corporate Calendar:

POC:

Calendar/defer.asp?Event_ID='&Occurr_ID=0
or
Calendar/details.asp?Event_ID='


Vendor has been contacted 10 days ago. Noone replied. 



Author:          
Zinho is webmaster and founder of http://www.hackerscenter.com ,       
Security research   portal        
Secure Web Hosting Companies Reviewed:       
http://www.securityforge.com/web-hosting/secure-web-hosting.asp       

zinho-no-spam @ hackerscenter.com 

====>
Webmaster of
.:[ Hackers Center : Internet Security Portal]:.
http://www.hackerscenter.com
http://www.securityforge.com/web-hosting



--Alt-Boundary-17597.19317787
Content-type: text/html; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body

<?xml  version="1.0" ?><html>
<head>
<title></title>
</head>
<body>
<div align="left"><font face="Arial"><span style="font-size:10pt">Hackers Center Security Group (</span></font><font face="Arial" color="#008000"><span style="font-size:10pt"><u>http://www.hackerscenter.com/</u></span></font><font 
face="Arial"><span style="font-size:10pt">)&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; </span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Zinho's Security Advisory&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; </span></font></div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Desc: SQL injection : ASP Inline Corporate Calendar</span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Risk: Medium</span></font></div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">The Corporate Calendar is a nice asp script to manage a calendar 
shared by users. It has been downloaded by thousands people, and it is 
considered one of the most successful asp script at hotscripts.com</span></font></div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Multiple sql injections affect ASP Inline Corporate Calendar:</span></font></div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">POC:</span></font></div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Calendar/defer.asp?Event_ID='&amp;Occurr_ID=0</span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">or</span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Calendar/details.asp?Event_ID='</span></font></div>
<div align="left"><br/>
</div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Vendor has been contacted 10 days ago. Noone replied. </span></font></div>
<div align="left"><br/>
</div>
<div align="left"><br/>
</div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Author:&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160;&#160; </span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Zinho is webmaster and founder of </span></font><font face="Arial" color="#008000"><span style="font-size:10pt"><u>http://www.hackerscenter.com</u></span></font><font 
face="Arial"><span style="font-size:10pt"> ,&#160;&#160;&#160;&#160;&#160;&#160; </span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Security research&#160;&#160; portal&#160;&#160;&#160;&#160;&#160;&#160;&#160; </span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Secure Web Hosting Companies Reviewed:&#160;&#160;&#160;&#160;&#160;&#160; </span></font></div>
<div align="left"><font face="Arial" color="#008000"><span style="font-size:10pt"><u>http://www.securityforge.com/web-hosting/secure-web-hosting.asp</u></span></font><font face="Arial"><span 
style="font-size:10pt">&#160;&#160;&#160;&#160;&#160;&#160; </span></font></div>
<div align="left"><br/></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">zinho-no-spam @ hackerscenter.com </span></font></div>
<div align="left"><br/>
</div>
<div align="left"><font face="Arial"><span style="font-size:10pt">====&gt;</span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">Webmaster of</span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">.:[ Hackers Center : Internet Security Portal]:.</span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">http://www.hackerscenter.com</span></font></div>
<div align="left"><font face="Arial"><span style="font-size:10pt">http://www.securityforge.com/web-hosting</span></font></div>
<div align="left"><br/>
</div>
<div align="left"></div>
</body>
</html>

--Alt-Boundary-17597.19317787--