CVE-2003-1179

Advanced Poll 2.0.2 - Remote File Inclusion via include_path or base_path Parameter

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2003-1179. PoCs published by Solpot.

AI-analyzed exploit summary The exploit describes a remote file inclusion vulnerability in Advanced Poll 2.02 due to improper input sanitization in the 'base_path' parameter. An attacker can execute arbitrary remote files by manipulating the parameter in the 'common.inc.php' script.

Description

Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2.0.2 allow remote attackers to execute arbitrary PHP code via the include_path parameter in (1) booth.php, (2) png.php, (3) poll_ssi.php, or (4) popup.php, the (5) base_path parameter to common.inc.php.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Solpot · textwebappsphp

https://www.exploit-db.com/exploits/28253

View Code ZIP pw:eip

The exploit describes a remote file inclusion vulnerability in Advanced Poll 2.02 due to improper input sanitization in the 'base_path' parameter. An attacker can execute arbitrary remote files by manipulating the parameter in the 'common.inc.php' script.

Classification

Writeup 80%

Attack Type

Rce

Complexity

Trivial

Reliability

Theoretical

Target: Advanced Poll 2.02

No auth needed

Prerequisites: Network access to the target application · Ability to host a malicious file on a remote server

MITRE ATT&CK