[VIM] Source Verify of LunarPoll PollDir RFI

Heinbockel, Bill heinbockel at mitre.org
Fri Jan 12 13:18:55 EST 2007


Researcher: ilker Kandemir
BUGTRAQ:20070112 LunarPoll (PollDir) Remote File Include Vulnerabilities
http://www.securityfocus.com/archive/1/archive/1/456697/100/0/threaded

Claim:
RFI in the PollDir parameter in show.php


Source, show.php, lines 1-5:
> <?PHP
>   echo "\n\n<!-- LUNARPOLL CODE, Begins -->\n\n\n";
>   // Includes the functions
>   require_once($PollDir.'/includes/functions.php');
>   require_once($PollDir.'/includes/IO.php');



William Heinbockel
Infosec Engineer
The MITRE Corporation
202 Burlington Rd. MS S145
Bedford, MA 01730
heinbockel at mitre.org
781-271-2615
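
The quoted lines build both include paths from $PollDir without assigning or checking it first. The sketch below is an added example, not LunarPoll code and not part of the original message: it shows one way to resolve such includes so that only local files under a known directory are accepted. The function name `safe_include_path` and the temporary sandbox directory are hypothetical and constructed for the demonstration.

```php
<?php
// Added example, not LunarPoll code; function and path names are hypothetical.

function safe_include_path(string $baseDir, string $relative): string
{
    // realpath() resolves local paths only: a URL-valued directory or a
    // missing directory yields false, and "../" segments are collapsed.
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        throw new RuntimeException("not a local directory: $baseDir");
    }
    $target = realpath($base . DIRECTORY_SEPARATOR . $relative);
    // Compare against the base plus a trailing separator so that
    // /srv/poll does not also match /srv/poll_other.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if ($target === false || !is_file($target)
        || strncmp($target, $prefix, strlen($prefix)) !== 0) {
        throw new RuntimeException("refusing to include: $relative");
    }
    return $target;
}

// Constructed sandbox standing in for the poll directory.
$pollDir = sys_get_temp_dir() . '/lunarpoll_demo_' . getmypid();
mkdir($pollDir . '/includes', 0700, true);
file_put_contents($pollDir . '/includes/functions.php', "<?php // constructed stub\n");

// A legitimate include resolves inside the base directory.
require_once safe_include_path($pollDir, 'includes/functions.php');
echo "included functions.php\n";

// A URL-valued directory and a path that climbs out of the base are rejected.
foreach ([['http://example.invalid/poll', 'includes/functions.php'],
          [$pollDir, '../../etc/passwd']] as [$dir, $rel]) {
    try {
        safe_include_path($dir, $rel);
        echo "UNEXPECTED: accepted $dir / $rel\n";
    } catch (RuntimeException $e) {
        echo "rejected: ", $e->getMessage(), "\n";
    }
}

// Remove the constructed sandbox.
unlink($pollDir . '/includes/functions.php');
rmdir($pollDir . '/includes');
rmdir($pollDir);
```

In a script laid out like show.php, the base directory would come from a fixed value such as `__DIR__` (assuming the script sits in the poll directory) rather than from a variable set outside the file.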

