 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 178
 Members: 0
 Total: 178
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
|
well at first time or first impression when i read the advisory, i think like you that can be explotaible in PHP5 <= 5.0.5, so i can make the exploit work in PHP4...
But the fact that you have t ... |
|
|
|
|
well well...
i reach a point that im too lazy to continue xDD
seems to be a little bit hard to make a Proof-Of-Concept...
obviously the first problem its to get a forum for testing pourpose and ... |
|
|
|
|
i think its most problem of the user who gets hack...
than the board configuration, and i dont think it is a risk...
normally all CMS, email the user with his username and his password and in my p ... |
|
|
|
|
hahahahaha sounds like you try to recreate the phpBB exploits...
i think php.net and your imagination could help, but for not make garbage post or spam, i think this resources could help...
http ... |
|
|
|
|
like everybody i dont have really much time...
but i'm researching for exploit or well know in IT Security as Proof-Of-Concept, obviously i dont have enought time to do that rapidly...
so, like sh ... |
|
|
|
|
Thank you shai-tan...
with this i think i can make a little PoC
grettings |
|
|
|
|
yeah but is still hard for bypass register_globals
but we can make a just little code for PoC...
grettings shai-tan |
|
|
|
|
i think most of this "fixes" just make for improvemmed...
as now i just see some and they are just for performarce, i didn't see at all because it is a large list...
but if i found one, i would ... |
|
|
|
|
as the previous post say...
a simply search on this forums, you would see how to use this information..
for resolve you some problems yo have to ways:
1) Crack The MD5 Of The Cookie
2) Make a ... |
|
|
|
|
if you call this as a "hack", maybe..
but i think its most know as a "script kiddie/h4x0r activity" or people that just use other knowledges to getting in a server and say they are the "best"...
... |
|
|
|
|
the:
"full path disclousure"
its a minor security glitch, and this info can help the attacker to visualize his target more better...
and some cases the attacker uses the information to guest the ... |
|
|
|
|
sorry to be rude...
but there is a lot of exploits with a Proof-of-concept, because that version is very old (today is launched the version 2.0.17)...
some of most know is the highlight vuln and ... |
|
|
|
|
It was already the Hour of an official patch, Waraxe!
if you pay attention the patch for bbcode it seems much to your patch non fficial...
greetings |
|
|
|
|
simply...
like its says on the original advisory, its because:
IE takes ` at his equivalent " so thats for only execute in IE and not with others engines like mozilla/gecko
regards |
|
|
|
|
you can try with cookie poison for login as the admnistrator...
just you have to got the userid and his md5-hash of his pass..
regards |
|
|
| Page 1 of 3 |
Goto page 1, 2, 3Next
All times are GMT |
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
