IceBB
IceBB
发布时间:2016-02-19 来源:查字典编辑
摘要:#Author:__GiReX__26/07/08#Homepage:#CMS:IceBBinput;$g){...$where_claus...

# Author: __GiReX__ 26/07/08

# Homepage: # CMS: IceBB input; $g)

{

...

$where_clauses[] = "{$k}='{$g}'"; qwhere = implode(' AND ',$where_clauses);

$total = $db->fetch_result("SELECT COUNT(*) as total FROM icebb_users{$this->qwhere}{$qextra}"); eatCookie('uid');

$login_key = $std->eatCookie('login_key');$icebb->hooks->hook('login_autoLogin', $uid, $login_key);$userq = $db->query("SELECT u.*,g.* FROM icebb_users AS u LEFT JOIN icebb_groups AS g ON u.user_group=g.gid WHERE u.id=".intval($uid)." AND u.login_key='{$login_key}' LIMIT 1");

$udata = $db->fetch_row($userq);if($db->get_num_rows($userq)>=1)

{

if($std->eatCookie('pass')==$udata['password'])

{

$sessid = md5(uniqid(microtime()));

$ip = $icebb->client_ip;

$user_agent = $std->clean_string($_SERVER['HTTP_USER_AGENT']);//$db->query("DELETE FROM icebb_session_data WHERE username='{$udata['username']}' OR ip='{$ip}'",1);175. $sessdata = $this->create_session($udata['username'],$udata['id'],false,true);

If admin has cookies enabled we can login and create/edit/delete posts and topics.############################### Perl Exploit Start #############################

#!/usr/bin/perl

# IceBB

推荐文章
猜你喜欢
附近的人在看
推荐阅读
拓展阅读
相关阅读
网友关注
最新电脑安全教程学习
热门电脑安全教程学习
电脑子分类