WebCalendar Exploitation

Published: 2005-09-13
Last Updated: 2005-09-13 01:55:25 UTC
by Kevin Hong (Version: 1)
0 comment(s)

We have had reports submitted that web servers running WebCalendar 0.9.x or WebCalendar 1.x are being exploited. Currently some of defacer/cracker starts using WebCalendar php remote injection vulnerability. They are using when defacing web site, uploading Trojan and others. I saw some of defacer group use this kind of method then uploading Trojan which steal bank id/pw from user?s system.

Official WebCalendar releases can be obtained from the SourceForge  development server. The latest version is 1.0.1, please update to latest version.

Secunia Vulnerability description - WebCalendar "includedir" Atbitrary File Inclusion Vulnerability
SecurityFocus Vulnerability description - WebCalendar Send_Reminders.PHP Remote File Include Vulnerability

Kevin Hong
Handler On Duty

0 comment(s)


Diary Archives