# Author: __GiReX__ 26/07/08
# Homepage: # CMS: IceBB input; $g)
{
...
$where_clauses[] = "{$k}='{$g}'"; qwhere = implode(' AND ',$where_clauses);
$total = $db->fetch_result("SELECT COUNT(*) as total FROM icebb_users{$this->qwhere}{$qextra}"); eatCookie('uid');
$login_key = $std->eatCookie('login_key');$icebb->hooks->hook('login_autoLogin', $uid, $login_key);$userq = $db->query("SELECT u.*,g.* FROM icebb_users AS u LEFT JOIN icebb_groups AS g ON u.user_group=g.gid WHERE u.id=".intval($uid)." AND u.login_key='{$login_key}' LIMIT 1");
$udata = $db->fetch_row($userq);if($db->get_num_rows($userq)>=1)
{
if($std->eatCookie('pass')==$udata['password'])
{
$sessid = md5(uniqid(microtime()));
$ip = $icebb->client_ip;
$user_agent = $std->clean_string($_SERVER['HTTP_USER_AGENT']);//$db->query("DELETE FROM icebb_session_data WHERE username='{$udata['username']}' OR ip='{$ip}'",1);175. $sessdata = $this->create_session($udata['username'],$udata['id'],false,true);
If admin has cookies enabled we can login and create/edit/delete posts and topics.############################### Perl Exploit Start #############################
#!/usr/bin/perl
# IceBB