Matt Kruse Calendar Arbitrary Command Execution Vulnerability

calender_admin.pl is the easiest vector.

Assuming http://www.ownable.domain/ has calender.pl at:
http://www.ownable.domain/cgi-bin/calender.pl

The admin script by default is at:
http://www.ownable.domain/cgi-bin/calender_admin.pl

Going to that URL presents username, password and configuration file input fields. Ignoring username and password, enter:

|<command here>|

(With the pipes) in the configuration file field.

e.g.

|ping 127.0.0.1|
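The payload syntax matches Perl's two-argument open(), which treats a filename wrapped in pipes as a command to run; that is an inference from the payload, since the script's source is not on this page. As an added example, not Matt Kruse's code, here is how a CGI handler could take the configuration-file field safely (the config directory, the function names and the sample inputs are all constructed for this illustration):

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Assumed location for configuration files; not taken from the advisory.
my $CONFIG_DIR = '/var/www/calendar/conf';

# Returns 1 when $name is a plain file name made of letters, digits, '_' and '-'
# with at most one extension, so no path separators, no '..', and no shell
# metacharacters such as '|' can reach open().
sub config_name_is_safe {
    my ($name) = @_;
    return 0 unless defined $name;
    return $name =~ /\A[A-Za-z0-9_\-]+(?:\.[A-Za-z0-9_\-]+)?\z/ ? 1 : 0;
}

# Opens the requested configuration file for reading. Returns ($fh, undef) on
# success or (undef, $error) on failure. The value from the form never becomes
# a two-argument open() target: it is allowlisted, anchored to a fixed
# directory, and opened with three-argument open() and a literal '<' mode,
# where the third argument is always a file name, never a pipe specification.
sub open_config_file {
    my ($user_value) = @_;
    return (undef, 'rejected configuration file name')
        unless config_name_is_safe($user_value);
    my $path = "$CONFIG_DIR/$user_value";
    open(my $fh, '<', $path)
        or return (undef, "cannot open configuration file: $!");
    return ($fh, undef);
}

# Demonstration with constructed inputs: the first is a plausible legitimate
# name, the others are the kind of values the advisory's form field would see.
for my $candidate ('calendar.cfg', '|ping 127.0.0.1|', '../etc/passwd') {
    my ($fh, $err) = open_config_file($candidate);
    if ($fh) { print "opened '$candidate'\n"; close $fh; }
    else     { print "refused '$candidate': $err\n"; }
}
```

Only the first candidate passes the allowlist; on a host without the assumed directory it is then refused by open() with a normal file error rather than executed.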

Copyright 2010, SecurityFocus