Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:

bugtraq logo Bugtraq mailing list archives

Re: WebCalendar Include File
From: Emmanuel Lacour <elacour () easter-eggs com>
Date: Thu, 24 Jul 2003 23:51:38 +0200
On Sun, Jul 20, 2003 at 08:20:15PM -0500, noconflic wrote:



Webcalendar 0.9.41 and below.
http://webcalendar.sourceforge.net/

  Since this appears to be public info now. 

Problem: 
  http://sourceforge.net/forum/forum.php?thread_id=901234&forum_id=11588

Exploit:
  http://www.some.host/webcalendar/[filename].php?user_inc=../../../../../etc/passwd   





The bug seems to be in includes/function.php

in the "temporary hack" to make webcalendar working with
register_globals set to "off".

A quick fix could be to add:

unset($HTTP_GET_VARS["user_inc"]);

at the beginning of "includes/function.php".



My 2 cents ;-)

-- 
Emmanuel Lacour ------------------------------------ Easter-eggs
44-46 rue de l'Ouest  -  75014 Paris   -   France -  Métro Gaité
Phone: +33 (0) 1 43 35 00 37    -     Fax: +33 (0) 1 41 35 00 76
mailto:elacour () easter-eggs com   -    http://www.easter-eggs.com

  By Date           By Thread  

Current thread:
  • Re: WebCalendar Include File Emmanuel Lacour (Jul 25)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]