Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include

To: trzindan@xxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include
From: Stefano Zanero <s.zanero@xxxxxxxxxxxxxxxx>
Date: Sun, 28 Jan 2007 22:05:31 +0100
In-reply-to: <20070127174655.27269.qmail@xxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Organization: Secure Network S.r.l.
References: <20070127174655.27269.qmail@xxxxxxxxxxxxxxxxx>
User-agent: Thunderbird 1.5.0.9 (X11/20061223)

trzindan@xxxxxxxxxx wrote:

> local Calendar System v1.1 (lcStdLib.inc) Remote File Include

Fake vuln

> code :

The variables are set in config.php

> exploit:

You never tested them. Which is pretty lame.

Stefano

Follow-Ups:
- Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include
  - From: Gadi Evron

References:
- local Calendar System v1.1 (lcStdLib.inc) Remote File Include
  - From: trzindan

Prev by Date: Fake: Open Conference Systems = 2.8.2 Remote File Inclusion
Next by Date: CVSTrac 2.0.0 Denial of Service (DoS) vulnerability
Previous by thread: local Calendar System v1.1 (lcStdLib.inc) Remote File Include
Next by thread: Re: local Calendar System v1.1 (lcStdLib.inc) Remote File Include
Index(es):
- Date
- Thread