|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 82
Members: 0
Total: 82
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
open /admin/install/ (3.1.4) |
|
Posted: Thu Feb 03, 2011 4:39 pm |
|
|
foreseen |
Beginner |
|
|
Joined: Jan 07, 2011 |
Posts: 3 |
|
|
|
|
|
|
|
What exploits can I benefit from if a operating board (IPB 3.1.4) have the install dir open?
I checked the code a bit, and any database operation requires database connection info at the _sd post variable. So i havent found any way to take any benefit from this without database connection info (that, if I had, there wont be any need to exploit the php but the database itself )
anyone knows if I can inject through any step of the instalation without db connection info? |
|
|
|
|
www.waraxe.us Forum Index -> Invision Power Board
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|