This writeup describes multiple vulnerabilities in 6kbbs V8.0, including CSRF leading to RCE via file writes, information leakage, and XSS due to unsanitized $_SERVER['PHP_SELF'] usage. No functional exploit code is provided.
Classification: Writeup 90%
Attack Type: RCE | XSS | Info Leak
Complexity: Moderate
Reliability: Theoretical
Target: 6KBBS v8.0 build 20101201
Auth required
Prerequisites: Admin access for CSRF-based RCE · Victim interaction for XSS