Installation and expansion of PunBB
Several vulnerabilities were recently discovered in PunBB: PHP inclusion and SQL injection.
They allow a remote user to execute arbitrary SQL commands in the application's database. A remote authorized user can execute an arbitrary PHP script on the target system.
The SQL injection exists because of insufficient processing of input data in the "profile.php" script. When the "register_globals" option is enabled, a remote user can execute arbitrary SQL commands in the application's database.
The PHP inclusion occurs during the processing of pun_include tags. A remote user can upload and execute an arbitrary PHP script on the target system.
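
The register_globals condition described above, as an added PHP example (not PunBB's code and not part of the original page). The handler functions, table and request are hypothetical and constructed; extract() stands in for register_globals, which current PHP no longer has, and the pdo_sqlite extension is assumed. It shows a variable the script never initializes reaching the SQL text, next to a version that reads only validated fields and binds them as parameters.

```php
<?php
// Constructed demo of the bug class; hypothetical handler, not PunBB's profile.php.

function make_db(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec("CREATE TABLE users (id INTEGER PRIMARY KEY, email TEXT, group_id INTEGER)");
    $db->exec("INSERT INTO users VALUES (2, 'old@example.test', 4)");
    return $db;
}

// Weak: $set is never initialised, so with register_globals on, a request
// parameter named "set" is already sitting in it when the script appends to it.
function update_weak(PDO $db, array $request): void {
    extract($request);                       // emulates register_globals = On
    if (!empty($email)) {
        $set[] = 'email = ' . $db->quote($email);
    }
    // $id is also concatenated without validation.
    $db->exec('UPDATE users SET ' . implode(', ', $set) . ' WHERE id = ' . $id);
}

// Hardened: nothing is imported from the request, each field is validated,
// and the statement text is fixed; values travel only as bound parameters.
function update_hardened(PDO $db, array $request): void {
    $id    = filter_var($request['id'] ?? null, FILTER_VALIDATE_INT);
    $email = filter_var($request['email'] ?? null, FILTER_VALIDATE_EMAIL);
    if ($id === false || $email === false) {
        throw new InvalidArgumentException('invalid id or email');
    }
    $stmt = $db->prepare('UPDATE users SET email = ? WHERE id = ?');
    $stmt->execute([$email, $id]);
}

// Constructed request: the extra "set" field is not one the form offers.
$request = ['id' => '2', 'email' => 'new@example.test', 'set' => ['group_id = 1']];

foreach (['update_weak', 'update_hardened'] as $handler) {
    $db = make_db();                         // fresh table for each run
    $handler($db, $request);
    $row = $db->query('SELECT email, group_id FROM users WHERE id = 2')
              ->fetch(PDO::FETCH_ASSOC);
    printf("%-16s email=%s group_id=%d\n", $handler, $row['email'], $row['group_id']);
}
```

Comparing the two output lines shows whether the group_id column, which the form never exposes, was changed by the request.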
Forum developers never cease to delight ordinary people with new versions
of their products, and the inhabitants, in turn, delight script kiddies with the resources of simple servers.
In just a few days, 2 new critical bugs were discovered in
the popular punbb forum by a person named Stefan Esser.
And now I'll try to explain how everything works.
To begin with, you need to raise your rights to administrator by means of the SQL injection.
Open the page in the browser:
http://site.ru/punbb/profile.php?id=*
Save it to the hard drive and change the following line in Notepad: