 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 Posted: Fri Apr 07, 2006 5:33 am |
 |
|
| Aryan-Husky |
| Active user |
 |
| |
| Joined: Apr 03, 2006 |
| Posts: 37 |
|
|
|
 |
|
 |
|
| naragorn wrote: | | ok send a pm with the info, illtry to help, but b4 that, is it 2.0.15?? as far as i remember that one hast a lot of bugs, most important one is remote command execution, have u tried those?? |
Hi again naragorn,
Yes its 2.0.15, I originally thought it was version 16 but I was wrong.
Could you explain some more about Remote Command Execution?
Do you know of anymore exploits for 2.0.15?
Thanks again naragorn for all your help.
 |
|
|
|
|
| Posted: Fri Apr 07, 2006 6:10 am |
|
|
| naragorn |
| Regular user |
 |
| |
| Joined: Apr 03, 2006 |
| Posts: 10 |
|
|
|
|
|
|
|
oh that i wont explain, sorry.
Do u know theres a search button 
man theres so much info on it that u will find it right away, if u want me to give the name of the forum then ill see if its vuln, or better Search in google or here |
|
|
|
|
| Posted: Fri Apr 07, 2006 7:35 am |
|
|
| Aryan-Husky |
| Active user |
|
| |
| Joined: Apr 03, 2006 |
| Posts: 37 |
|
|
|
|
|
|
|
Thanks, unfortunatly I know nothing about perl. 
I'll have to learn soon. |
|
|
|
|
| Posted: Thu Apr 20, 2006 1:23 am |
|
|
| Indiction |
| Regular user |
|
| |
| Joined: Apr 12, 2006 |
| Posts: 11 |
|
|
|
|
|
|
|
Ok. So basically, you are logged in as the admin but you cannot reauth.
Realize now that you can still access the user CP...but in a weird way.
Every command must be issued via POST arguements through the php files.
Let me give you an example.
/phpbb2/admin/admin_users.php?sid=YOUR_SID&mode=edit&username=ADMIN_USERNAME&id=ADMIN_UID&password=NEW_PASSWORD&password_confirm=NEW_PASSWORD&location=owned&occupation=getting%20owned
Replace sid with your session ID, username with the admin's username, id with the admin's user id, and password/password_confirm with a new password  . |
|
|
|
|
|
 |
|
 |
| Posted: Thu Apr 20, 2006 6:06 am |
|
|
| Aryan-Husky |
| Active user |
|
| |
| Joined: Apr 03, 2006 |
| Posts: 37 |
|
|
|
|
|
|
|
Ok thanks for your reply, firstly what if this doesn't work? Do you not need to authenticate a New Password by e-mail? Then your account is disabled until you re-activate it.
/forum/admin/admin_users.php?sid=85c9d92abcf6aaef87c7803d4852d5d5&mode=edit&username=Some Guy&id=2&password=Admin Password&password_confirm=Admin Password&location=owned&occupation=getting%20owned
Can the Location and Occupation be left out or must I include them? Also as you can see from my example above if the Admin is called Some Guy is it defined in the url as "Some Guy" or "Some_Guy" and if the new password = "Admin Password" is it "Admin Password" or "Admin_Password" in the url.
Thanks for your help, I hope this makes sense. |
|
|
|
|
|
|
|
|
| Posted: Fri Apr 21, 2006 4:46 am |
|
|
| Aryan-Husky |
| Active user |
|
| |
| Joined: Apr 03, 2006 |
| Posts: 37 |
|
|
|
|
|
|
|
| Indiction wrote: | Ok. So basically, you are logged in as the admin but you cannot reauth.
Realize now that you can still access the user CP...but in a weird way.
Every command must be issued via POST arguements through the php files.
Let me give you an example.
/phpbb2/admin/admin_users.php?sid=YOUR_SID&mode=edit&username=ADMIN_USERNAME&id=ADMIN_UID&password=NEW_PASSWORD&password_confirm=NEW_PASSWORD&location=owned&occupation=getting%20owned
Replace sid with your session ID, username with the admin's username, id with the admin's user id, and password/password_confirm with a new password . |
Tried this out locally and it doesnt seem to work, you still have to re-auth to use the url. |
|
|
|
|
|
HOW DO YOU DO THIS??? |
|
| Posted: Sun May 07, 2006 3:19 am |
|
|
| Mailas |
| Beginner |
|
| |
| Joined: May 07, 2006 |
| Posts: 1 |
|
|
|
|
|
|
|
All right you guys, this is a concerned user and I would really like an answer.
There is this site that I really hate but so many people go to it, the thing is, I want to become an administrator. I have signed up there but I would like to change the password of one of the admins so I can get that admin account. How do I do this? Like basicaly I am a member there and I would like admin Access. How?????
I did that iecv thing I downloaded it now what?? I odn't understand what to do... |
|
|
|
|
| Posted: Sat Jun 02, 2007 9:17 am |
|
|
| Hosam |
| Beginner |
|
| |
| Joined: Jun 02, 2007 |
| Posts: 4 |
|
|
|
|
|
|
|
| Hello everybody, I would like to know, how can I see the hidden phpBB version? is there is anyway to see that except /docs/ then changes file? |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 2 of 2
Goto page Previous 1, 2
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 2
New Yesterday: 2
Overall: 7984
People Online:
Visitors: 238
Members: 3
Total: 241
Online Now:
