[VIM] Source Verify of LunarPoll PollDir RFI
Heinbockel, Bill
heinbockel at mitre.org
Fri Jan 12 13:18:55 EST 2007
Researcher: ilker Kandemir
BUGTRAQ:20070112 LunarPoll (PollDir) Remote File Include Vulnerabilities
http://www.securityfocus.com/archive/1/archive/1/456697/100/0/threaded
Claim:
RFI in the PollDir parameter in show.php
Source, show.php, lines 1-5:
> <?PHP
> echo "\n\n<!-- LUNARPOLL CODE, Begins -->\n\n\n";
> // Includes the functions
> require_once($PollDir.'/includes/functions.php');
> require_once($PollDir.'/includes/IO.php');
William Heinbockel
Infosec Engineer
The MITRE Corporation
202 Burlington Rd. MS S145
Bedford, MA 01730
heinbockel at mitre.org
781-271-2615
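
The pattern the quoted excerpt shows, as an added example that is not part of the original post or of LunarPoll: a small Python check that reports include/require statements whose path uses a variable that no earlier line of the same file assigns. The function name, the regexes and the "fixed" variant are assumptions made for illustration.

```python
import re

# First five lines of show.php, copied from the excerpt quoted in the post.
SHOW_PHP = r'''<?PHP
echo "\n\n<!-- LUNARPOLL CODE, Begins -->\n\n\n";
// Includes the functions
require_once($PollDir.'/includes/functions.php');
require_once($PollDir.'/includes/IO.php');
'''

# Constructed variant (not the vendor's fix): the variable is set from the
# script's own location before it is used in an include path.
FIXED_PHP = "<?PHP\n$PollDir = dirname(__FILE__);\n" + SHOW_PHP.split("\n", 1)[1]

INCLUDE_RE = re.compile(
    r'\b(?:include|require)(?:_once)?\b\s*\(?\s*(.*?)\)?\s*;', re.I)
ASSIGN_RE = re.compile(r'(\$[A-Za-z_]\w*)\s*=(?![=>])')  # skips == and =>
VAR_RE = re.compile(r'\$[A-Za-z_]\w*')


def unset_include_vars(php_source):
    """Return (line_no, variable) for every include/require whose path
    expression uses a variable not assigned on an earlier line."""
    assigned, findings = set(), []
    for line_no, line in enumerate(php_source.splitlines(), 1):
        code = line.strip()
        if code.startswith(("//", "#", "*")):  # skip comment lines
            continue
        match = INCLUDE_RE.search(code)
        if match:
            for var in VAR_RE.findall(match.group(1)):
                if var not in assigned:
                    findings.append((line_no, var))
        # Record assignments after the check so "earlier" excludes this line.
        assigned.update(ASSIGN_RE.findall(code))
    return findings


if __name__ == "__main__":
    for line_no, var in unset_include_vars(SHOW_PHP):
        print(f"show.php:{line_no}: include path uses unset variable {var}")
    print("fixed variant findings:", unset_include_vars(FIXED_PHP))
```

The check is file-local: a variable set by another script that includes the file is still reported, so each finding needs manual review.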