| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20030724215138.GA8656@easter-eggs.com> Date: Thu, 24 Jul 2003 23:51:38 +0200 From: Emmanuel Lacour <elacour@...ter-eggs.com> To: bugtraq@...urityfocus.com Subject: Re: WebCalendar Include File On Sun, Jul 20, 2003 at 08:20:15PM -0500, noconflic wrote: > > > Webcalendar 0.9.41 and below. > http://webcalendar.sourceforge.net/ > > Since this appears to be public info now. > > Problem: > http://sourceforge.net/forum/forum.php?thread_id=901234&forum_id=11588 > > Exploit: > http://www.some.host/webcalendar/[filename].php?user_inc=../../../../../etc/passwd > > The bug seems to be in includes/function.php in the "temporary hack" to make webcalendar working with register_globals set to "off". A quick fix could be to add: unset($HTTP_GET_VARS["user_inc"]); at the beginning of "includes/function.php". My 2 cents ;-) -- Emmanuel Lacour ------------------------------------ Easter-eggs 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37 - Fax: +33 (0) 1 41 35 00 76 mailto:elacour@...ter-eggs.com - http://www.easter-eggs.com
Powered by blists - more mailing lists