
WebCalendar Include Files Information Disclosure Vulnerability

by Nikola Strahija on June 9th, 2002

WebCalendar is a web application written in PHP and used to maintain a calendar for a single user or multiple users. A vulnerability has been reported in WebCalendar that may allow attackers to view potentially sensitive information. Files containing configuration information are stored in the web root directory with '.inc' extensions. Attackers may be able to retrieve these files as plain text, without their being processed by the PHP interpreter.


This information can then be used to mount further attacks against a vulnerable system.

Remote: Yes

Exploit: No

Solution: A workaround, and good practice in general, is to configure the web server so that files ending with '.inc' are either not served or are processed by the PHP interpreter.
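The following Python audit is an added example, not part of the original advisory or of WebCalendar's code. It walks a web root and lists files that contain PHP source but have an extension the server would return as plain text; the set of interpreter-handled extensions and the sample file names are assumptions.

```python
import os
import re
import tempfile

# Assumption: only these extensions are mapped to the PHP interpreter.
PHP_HANDLED = {".php"}
# PHP open tags; "<?xml" declarations do not match.
PHP_TAG = re.compile(rb"<\?(?:php|=|\s)", re.IGNORECASE)

def find_exposed_includes(web_root, handled=PHP_HANDLED):
    """Return relative paths of files under web_root that contain PHP source
    but have an extension the server would send back as plain text."""
    exposed = []
    for dirpath, _dirs, files in os.walk(web_root):
        for name in files:
            if os.path.splitext(name)[1].lower() in handled:
                continue  # interpreted, so the source is not returned
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    head = fh.read(65536)
            except OSError:
                continue  # unreadable to us; skip rather than abort the audit
            if PHP_TAG.search(head):
                rel = os.path.relpath(path, web_root)
                exposed.append(rel.replace(os.sep, "/"))
    return sorted(exposed)

def build_sample_root():
    """Create a constructed web root (file names and contents are made up)."""
    root = tempfile.mkdtemp(prefix="webroot-")
    samples = {
        "index.php": b"<?php include 'includes/config.inc'; ?>",
        "includes/config.inc": b"<?php $db_password = 'example'; ?>",
        "includes/styles.inc": b"body { color: black; }",
        "feed.xml": b"<?xml version='1.0'?><rss/>",
    }
    for rel, data in samples.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    for rel in find_exposed_includes(build_sample_root()):
        print("served as plain text:", rel)
```

Files the audit reports should be moved outside the web root, denied by the web server, or given an extension the interpreter handles.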

The vendor has a new version to address this issue.




Craig Knudsen WebCalendar 0.9.31:

Craig Knudsen Upgrade WebCalendar-0.9.35.tar.gz
http://prdownloads.sourceforge.net/webcalendar/WebCalendar-0.9.35.tar.gz?download

Craig Knudsen WebCalendar 0.9.32:

Craig Knudsen Upgrade WebCalendar-0.9.35.tar.gz
http://prdownloads.sourceforge.net/webcalendar/WebCalendar-0.9.35.tar.gz?download

Craig Knudsen WebCalendar 0.9.33:

Craig Knudsen Upgrade WebCalendar-0.9.35.tar.gz
http://prdownloads.sourceforge.net/webcalendar/WebCalendar-0.9.35.tar.gz?download

Craig Knudsen WebCalendar 0.9.34:

Craig Knudsen Upgrade WebCalendar-0.9.35.tar.gz
http://prdownloads.sourceforge.net/webcalendar/WebCalendar-0.9.35.tar.gz?download


