Damn profile powered by punbb. PunBB installation and extensions. Register and location
Recently, a number of vulnerabilities were found in PunBB - PHP inclusion and SQL injection.
Vulnerability allows a remote user to execute arbitrary SQL
commands in the application database. A remote authorized user can
execute an arbitrary PHP script on the target system. The vulnerability exists due to insufficient processing of input data in the script.
profile.php. With the "register_globals" option enabled, the remote
the user can execute arbitrary SQL commands in the database
applications. There is a vulnerability in the handling of pun_include tags. Remote user
can load and execute an arbitrary PHP script on the target system.
Forum developers do not cease to please ordinary people with new versions
their products, and the inhabitants, in turn, with the resources of servers of simple
scriptkiddy. Just the other day, 2 new critical bugs were discovered in
a popular punbb forum by a man named Stefan Esser.
And now I will try to explain how it all works.
First you need to raise the rights to the administrator using sql-injection.
Opening the page in the browser
http://site.ru/punbb/profile.php?id=*
save it to the screw, change the line through notepad: