 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
|
well at first time or first impression when i read the advisory, i think like you that can be explotaible in PHP5 <= 5.0.5, so i can make the exploit work in PHP4...
But the fact that you have t ... |
|
|
|
|
well well...
i reach a point that im too lazy to continue xDD
seems to be a little bit hard to make a Proof-Of-Concept...
obviously the first problem its to get a forum for testing pourpose and ... |
|
|
|
|
i think its most problem of the user who gets hack...
than the board configuration, and i dont think it is a risk...
normally all CMS, email the user with his username and his password and in my p ... |
|
|
|
|
hahahahaha sounds like you try to recreate the phpBB exploits...
i think php.net and your imagination could help, but for not make garbage post or spam, i think this resources could help...
http ... |
|
|
|
|
like everybody i dont have really much time...
but i'm researching for exploit or well know in IT Security as Proof-Of-Concept, obviously i dont have enought time to do that rapidly...
so, like sh ... |
|
|
|
|
Thank you shai-tan...
with this i think i can make a little PoC
grettings |
|
|
|
|
yeah but is still hard for bypass register_globals
but we can make a just little code for PoC...
grettings shai-tan |
|
|
|
|
i think most of this "fixes" just make for improvemmed...
as now i just see some and they are just for performarce, i didn't see at all because it is a large list...
but if i found one, i would ... |
|
|
|
|
as the previous post say...
a simply search on this forums, you would see how to use this information..
for resolve you some problems yo have to ways:
1) Crack The MD5 Of The Cookie
2) Make a ... |
|
|
|
|
if you call this as a "hack", maybe..
but i think its most know as a "script kiddie/h4x0r activity" or people that just use other knowledges to getting in a server and say they are the "best"...
... |
|
|
|
|
the:
"full path disclousure"
its a minor security glitch, and this info can help the attacker to visualize his target more better...
and some cases the attacker uses the information to guest the ... |
|
|
|
|
sorry to be rude...
but there is a lot of exploits with a Proof-of-concept, because that version is very old (today is launched the version 2.0.17)...
some of most know is the highlight vuln and ... |
|
|
|
|
It was already the Hour of an official patch, Waraxe!
if you pay attention the patch for bbcode it seems much to your patch non fficial...
greetings |
|
|
|
|
simply...
like its says on the original advisory, its because:
IE takes ` at his equivalent " so thats for only execute in IE and not with others engines like mozilla/gecko
regards |
|
|
|
|
you can try with cookie poison for login as the admnistrator...
just you have to got the userid and his md5-hash of his pass..
regards |
|
|
| Page 1 of 3 |
Goto page 1, 2, 3 Next
All times are GMT |
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 1
New Yesterday: 2
Overall: 7985
People Online:
Visitors: 236
Members: 1
Total: 237
Online Now:
