22 matches found
Kusaba <= 1.0.4 - Remote Code Execution Exploit
No description provided by source. 9 Oct 2008 Kusaba <= 1.0.4 Remote Code Execution Sausage After execution: http://www.kusaba.image.board/url/kasubaoek/oekaki.php?pc=print Hello; http://www.kusaba.image.board/url/kasubaoek/oekaki.php?sc=echo Hello / $shellname =...
Kusaba <= 1.0.4 - Remote Code Execution Exploit (2)
No description provided by source. 9 Oct 2008 Kusaba <= 1.0.4 Remote Code Execution Exploit 2 Sausage Will work if they have left the load_receiver.php script un-edited. After execution: Yes these are the exact URLs http://www.kusaba.image.board/url/change this to the same...
Kusaba X Multiple Cross Site Scripting Vulnerabilities
Kusaba X is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the...
Kusaba X 0.9 - Multiple Cross-Site Scripting Vulnerabilities
Kusaba X 0.9 - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/47626/info Kusaba X is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute...
Kusaba X 0.9 - Multiple Cross-Site Scripting Vulnerabilities
source: https://www.securityfocus.com/bid/47626/info Kusaba X is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in th...
Kusaba X <= 0.9 XSS/CSRF vulnerabilities
Kusaba X <= 0.9 XSS/CSRF vulnerabilities. Kusaba X suffers from XSS and CSRF vulnerabilities that would allow an attacker to take over the web application and possibly the entire server depending on the MySQL...
Kusaba X <= 0.9 XSS/CSRF vulnerabilities
Exploit for unknown platform in category web applications. Kusaba X . iframes work too The injected script will render and execute when a Moderator or Administrator views the reports. If a Moderator falls victim, the worst case scenario would be cookie...
Kusaba X 0.9 Cross Site Scripting / Cross Site Request Forgery
Kusaba X . iframes work too The injected script will render and execute when a Moderator or Administrator views the reports. If a Moderator falls victim, the worst case scenario would be cookie stealing followed by session hijacking and account theft. If...
CVE-2008-5663
Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load_receiver.php or (2) a shipainter action to paint_save.php, then accessing the uploaded file via a dire...
Unrestricted file upload
Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load_receiver.php or (2) a shipainter action to paint_save.php, then accessing the uploaded file via a dire...
CVE-2008-5663
Multiple unrestricted file upload vulnerabilities in Kusaba 1.0.4 and earlier allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension using (1) load_receiver.php or (2) a shipainter action to paint_save.php, then accessing the uploaded file via a dire...
CVE-2008-5663
The CVE-2008-5663 issue affects Kusaba 1.0.4 and earlier, where multiple unrestricted file upload flaws allow remote authenticated users to execute arbitrary code by uploading a file with an executable extension via load_receiver.php or via a shipainter action to paint_save.php, then accessing th...
Kusaba 1.0.4 - Remote Code Execution (2)
Kusaba 1.0.4 - Remote Code Execution 2 Will work if they have left the load_receiver.php script un-edited. After execution: Yes these are the exact URLs http://www.kusaba.image.board/url/change this to the same value as your KUROOTDIRpost.php?pc=print "Hello";...
kusaba2-exec.txt
Will work if they have left the load_receiver.php script un-edited. After execution: Yes these are the exact URLs http://www.kusaba.image.board/url/change this to the same value as your KUROOTDIRpost.php?pc=print "Hello"; http://www.kusaba.image.board/url/change this to the same value as your...
Kusaba 1.0.4 - Remote Code Execution (1)
After execution: http://www.kusaba.image.board/url/kasubaoek/oekaki.php?pc=print "Hello"; http://www.kusaba.image.board/url/kasubaoek/oekaki.php?sc=echo Hello / $shellname = 'oekaki.php'; // any filename ending in php $server = 'http://www.kusaba.image.board/url/'; // BBS website, with trailing...
kusaba1-exec.txt
After execution: http://www.kusaba.image.board/url/kasubaoek/oekaki.php?pc=print "Hello"; http://www.kusaba.image.board/url/kasubaoek/oekaki.php?sc=echo Hello / $shellname = 'oekaki.php'; // any filename ending in php $server = 'http://www.kusaba.image.board/url/'; // BBS website, with trailing...
Kusaba <= 1.0.4 Remote Code Execution Exploit #2
Exploit for unknown platform in category web applications. Kusaba 0day.today 2018-01-06...
Kusaba <= 1.0.4 Remote Code Execution Exploit #2
No description provided by source. 9 Oct 2008 Kusaba <= 1.0.4 Remote Code Execution Exploit 2 Sausage Will work if they have left the load_receiver.php script un-edited. After execution: Yes these are the exact URLs http://www.kusaba.image.board/url/change this to the same...
Kusaba <= 1.0.4 Remote Code Execution Exploit
Exploit for unknown platform in category web applications ============================================= Kusaba 'what this is for', ; function builddata$adata $data = ''; foreach $adata as $k = $v $data .= "$k=$v;"; return substr$data,0,-1; function datalen$data return...
Kusaba 1.0.4 - Remote Code Execution (1)
Kusaba 1.0.4 - Remote Code Execution 1 After execution: http://www.kusaba.image.board/url/kasubaoek/oekaki.php?pc=print "Hello"; http://www.kusaba.image.board/url/kasubaoek/oekaki.php?sc=echo Hello / $shellname = 'oekaki.php'; // any filename ending in php $server =...