CVE-2007-0298

LunarPoll - Remote File Inclusion via PollDir Parameter

Title source: manual

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-0298. PoCs published by ilker Kandemir.

AI-analyzed exploit summary This exploit leverages a file inclusion vulnerability in LunarPoll by manipulating the PollDir parameter to include remote files. The attack is straightforward, requiring no authentication.

Description

PHP remote file inclusion vulnerability in show.php in LunarPoll, when register_globals is enabled, allows remote attackers to execute arbitrary PHP code via a URL in the PollDir parameter.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ilker Kandemir · textwebappsphp

https://www.exploit-db.com/exploits/3117

View Code ZIP pw:eip

This exploit leverages a file inclusion vulnerability in LunarPoll by manipulating the PollDir parameter to include remote files. The attack is straightforward, requiring no authentication.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: LunarPoll (version not specified)

No auth needed

Prerequisites: Remote file inclusion must be enabled on the target server

MITRE ATT&CK