|
|
Re: WebCalendar Include File: msg#00388security.bugtraq
On Sun, Jul 20, 2003 at 08:20:15PM -0500, noconflic wrote: > > > Webcalendar 0.9.41 and below. > http://webcalendar.sourceforge.net/ > > Since this appears to be public info now. > > Problem: > http://sourceforge.net/forum/forum.php?thread_id=901234&forum_id=11588 > > Exploit: > > http://www.some.host/webcalendar/[filename].php?user_inc=../../../../../etc/passwd > > > The bug seems to be in includes/function.php in the "temporary hack" to make webcalendar working with register_globals set to "off". A quick fix could be to add: unset($HTTP_GET_VARS["user_inc"]); at the beginning of "includes/function.php". My 2 cents ;-) -- Emmanuel Lacour ------------------------------------ Easter-eggs 44-46 rue de l'Ouest - 75014 Paris - France - Métro Gaité Phone: +33 (0) 1 43 35 00 37 - Fax: +33 (0) 1 41 35 00 76 mailto:elacour@xxxxxxxxxxxxxxx - http://www.easter-eggs.com |
|
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| Previous by Date: | Re: e107 website system Vulnerability: 00388, Steve Dunstan |
|---|---|
| Next by Date: | Re: ssh host key generation in Red Hat Linux: 00388, Brian Hatch |
| Previous by Thread: | WebCalendar Include Filei: 00388, noconflic |
| Next by Thread: | [RHSA-2003:238-01] Updated 2.4 kernel fixes vulnerabilities: 00388, bugzilla |
| Indexes: | [Date] [Thread] [Top] [All Lists] |
| News | FAQ | advertise |