# Author: __GiReX__ 26/07/08
# Homepage: # CMS: IceBB input; $g)
{
...
$where_clauses[] = "{$k}="{$g}""; qwhere = implode(" AND ",$where_clauses);
$total = $db->fetch_result("SELECT COUNT(*) as total FROM icebb_users{$this->qwhere}{$qextra}"); eatCookie("uid");
$login_key = $std->eatCookie("login_key");$icebb->hooks->hook("login_autoLogin", $uid, $login_key);$userq = $db->query("SELECT u.*,g.* FROM icebb_users AS u LEFT JOIN icebb_groups AS g ON u.user_group=g.gid WHERE u.id=".intval($uid)." AND u.login_key="{$login_key}" LIMIT 1");
$udata = $db->fetch_row($userq);if($db->get_num_rows($userq)>=1)
{
if($std->eatCookie("pass")==$udata["password"])
{
$sessid = md5(uniqid(microtime()));
$ip = $icebb->client_ip;
$user_agent = $std->clean_string($_SERVER["HTTP_USER_AGENT"]);//$db->query("DELETE FROM icebb_session_data WHERE username="{$udata["username"]}" OR ip="{$ip}"",1);175. $sessdata = $this->create_session($udata["username"],$udata["id"],false,true);
If admin has cookies enabled we can login and create/edit/delete posts and topics.############################### Perl Exploit Start #############################
#!/usr/bin/perl
# IceBB