On Sun, Jul 20, 2003 at 08:20:15PM -0500, noconflic wrote: > > > Webcalendar 0.9.41 and below. > http://webcalendar.sourceforge.net/ > > Since this appears to be public info now. > > Problem: > http://sourceforge.net/forum/forum.php?thread_id=901234&forum_id=11588 > > Exploit: > http://www.some.host/webcalendar/[filename].php?user_inc=../../../../../etc/passwd > > The bug seems to be in includes/function.php in the "temporary hack" to make webcalendar working with register_globals set to "off". A quick fix could be to add: unset($HTTP_GET_VARS["user_inc"]); at the beginning of "includes/function.php". My 2 cents ;-) -- Emmanuel Lacour ------------------------------------ Easter-eggs 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37 - Fax: +33 (0) 1 41 35 00 76 mailto:elacour@easter-eggs.com - http://www.easter-eggs.com
