Waraxe IT Security Portal  
Exploits in phpBB 2.0.16

Aryan-Husky (Active user; joined Apr 03, 2006; posts: 37)
Posted: Mon Apr 03, 2006 3:59 pm

Hi Friends,

Firstly thanks to the Admins and Moderators of this site for supplying so much information. Over the past few days I have found it to be a fantastic resource.

Now to the point, I am trying to gain access to the Administration Panel of a phpBB 2.0.16. This Board has just 1 Admin and 2 Moderators.

I have an account registered on this board. It is quite a popular community with nearly 2,000 Members and over 110,000 Articles.

The only vulnerability I have found on this board is to use XSS Remote Cookie Disclosure which will give me the Md5 of the logged in user who views a post made by myself.

This seems to be working fine and I have got several Passwords already of Normal Users but no Mods or the Admin just yet, even though I know they have viewed my Post. Can anybody shed some light on this problem as to why I can't get the Mods' or Admin's Md5?

Also does anybody else know of another exploit for 2.0.16?

Thanks for your time.

Aryan-Husky (Active user; joined Apr 03, 2006; posts: 37)
Posted: Wed Apr 05, 2006 4:04 am

Ok I have finally got the Admin's Md5

f329a817d2e94133825c36aa6f2f7a64

However I have tried all online tools to resolve this hash but all so far have been unsuccessful.

I am now currently using MDCrack NG 1.2 and it is currently on Day 3 of trying to resolve the above hash.

Can anybody recommend anything else I could try?

Also I recently found out that the XSS exploit in phpBB 2.0.16 only works when a logged in user views a post using Internet Explorer, just in case anybody else out there was having the same problem.

P.S. I got the Admin's Md5 by sending him a PM [Laughing]

naragorn (Regular user; joined Apr 03, 2006; posts: 10)
Posted: Wed Apr 05, 2006 5:56 am

do u want to have the passwd or just enter as admin??

If u want to login as admin, u have to download IECV (google it)

then open it and search for the cookie of ur forum (You should open the forum on Internet Explorer, cause the program above just works with IE cookies)

and replace ur cookie with this

a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:2:"USERID-OFTHEADMIN";}

If that doesn't work, try this

a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:1:"USERID-OFTHEADMIN";}

Then save it and load the forum again (Internet Explorer)
If u need more help, well, there are tons here (I learned a lot)

mobettahformeright (Beginner; joined Apr 05, 2006; posts: 2)
Posted: Wed Apr 05, 2006 6:49 am

"The only vulnerability I have found on this board is to use XSS Remote Cookie Disclosure which will give me the Md5 of the logged in user who views a post made by myself. "


which will give me???? ... where do you get it? ... do I have to have my own server or something? ... I don't understand this part

Aryan-Husky (Active user; joined Apr 03, 2006; posts: 37)
Posted: Wed Apr 05, 2006 7:25 am

naragorn wrote:
do u want to have the passwd or just enter as admin??

If u want to login as admin, u have to download IECV (google it)

then open it and search for the cookie of ur forum (You should open the forum on Internet Explorer, cause the program above just works with IE cookies)

and replace ur cookie with this

a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:2:"USERID-OFTHEADMIN";}

If that doesn't work, try this

a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:1:"USERID-OFTHEADMIN";}

Then save it and load the forum again (Internet Explorer)
If u need more help, well, there are tons here (I learned a lot)


Hi naragorn,

Thanks for your Reply. Firstly the Admin user id is "2"; secondly I downloaded IECV and did exactly what you said but nothing happened. Maybe you could explain some more?

Firstly I logged into the forum on IE then closed it. Then I opened IECV and replaced my cookie with the cookie of the admin and clicked on Modify. Then I closed IECV and opened IE again and went back to the Forum but I was still logged in as my regular User Name?

And yes it doesn't matter if I get the Admin Password or Admin Access, it's all the same.

Thanks again for your help.

mobettahformeright (Beginner; joined Apr 05, 2006; posts: 2)
Posted: Wed Apr 05, 2006 5:11 pm

ok, so I watched the video, where does he get that xlmrpc? ... then he types in, kisobox.shit.php? ... what's that all about???

naragorn (Regular user; joined Apr 03, 2006; posts: 10)
Posted: Wed Apr 05, 2006 5:48 pm

U have to try them separately. When u log into the forum, then u have to close all IE windows, and then open IECV. I think u didn't modify the right cookie, cause in case u had modified the cookie and it was wrong, u would not be logged in as ur usual user, but u wouldn't be logged in.
Try searching all cookies for that site, then look for a cookie that says
"phpbb2mysql_data" or something like it; that's the cookie u have to modify. Then try the ones below separately.
Btw, those md5s are the ones from the admin, right??

a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:2:"2";}

a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:1:"2";}
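
An added example, not part of the thread and not phpBB's own code: as the posts above describe it, the `autologinid` cookie field carries the account's password MD5, so a captured value works as a credential for as long as the password stays the same. The sketch below replaces it with a random, single-use, server-side token; the `AutologinStore` class, its in-memory array (standing in for a database table) and the sample values are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Added example. The array stands in for a database table (assumption).
final class AutologinStore
{
    private array $rows = [];   // selector => [uid, sha256(validator), expiry]

    // Returns the cookie value "selector:validator". Only a hash of the
    // validator is stored, and nothing is derived from the password.
    public function issue(int $userId, int $ttl = 1209600): string
    {
        $selector  = bin2hex(random_bytes(9));    // lookup key, 18 hex chars
        $validator = bin2hex(random_bytes(32));   // secret, 64 hex chars
        $this->rows[$selector] = [$userId, hash('sha256', $validator), time() + $ttl];
        return $selector . ':' . $validator;
    }

    // Returns the user id for a valid cookie, otherwise null. The value is
    // matched against a fixed pattern; unserialize() is never called on it.
    public function verify(string $cookie): ?int
    {
        if (preg_match('/\A([0-9a-f]{18}):([0-9a-f]{64})\z/', $cookie, $m) !== 1) {
            return null;
        }
        [$uid, $hash, $expiry] = $this->rows[$m[1]] ?? [0, '', 0];
        if ($expiry < time() || !hash_equals($hash, hash('sha256', $m[2]))) {
            return null;
        }
        unset($this->rows[$m[1]]);   // single use; the caller issues a new token
        return $uid;
    }

    // Run on logout and on password change to invalidate outstanding cookies.
    public function revokeUser(int $userId): void
    {
        $this->rows = array_filter($this->rows, fn(array $r) => $r[0] !== $userId);
    }
}

$store  = new AutologinStore();
$cookie = $store->issue(2);
// Constructed value in the legacy format quoted in the thread (hash is a dummy).
$legacy = 'a:2:{s:11:"autologinid";s:32:"' . str_repeat('0', 32)
        . '";s:6:"userid";s:1:"2";}';
var_dump($store->verify($legacy));   // legacy serialized format
var_dump($store->verify($cookie));   // fresh token
var_dump($store->verify($cookie));   // same token replayed
$again = $store->issue(2);
$store->revokeUser(2);
var_dump($store->verify($again));    // token issued before revocation
```

Send the value with the `HttpOnly` and `Secure` cookie attributes so page script cannot read it, and ask for the password again before the admin panel, which is the check the posters later in this thread report running into.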

Aryan-Husky (Active user; joined Apr 03, 2006; posts: 37)
Posted: Wed Apr 05, 2006 6:42 pm

naragorn wrote:
U have to try them separately. When u log into the forum, then u have to close all IE windows, and then open IECV. I think u didn't modify the right cookie, cause in case u had modified the cookie and it was wrong, u would not be logged in as ur usual user, but u wouldn't be logged in.
Try searching all cookies for that site, then look for a cookie that says
"phpbb2mysql_data" or something like it; that's the cookie u have to modify. Then try the ones below separately.
Btw, those md5s are the ones from the admin, right??

a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:2:"2";}

a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:1:"2";}


naragorn,

Thank you so much, that worked perfectly. However, I can't get into the admin panel because it requires me to be authenticated. Any ideas around this?

Once again thanks, [Very Happy] [Very Happy] [Very Happy]

naragorn (Regular user; joined Apr 03, 2006; posts: 10)
Posted: Wed Apr 05, 2006 7:56 pm

what do u mean??
U mean u logged in as admin, but u can't access the admin panel cuz u have to login again??
If that's so, what version of phpbb is that??
Cuz i have used that technique on 2.0.16 and it works fine, i can access the admin panel, no verification needed
I haven't run into that

Aryan-Husky (Active user; joined Apr 03, 2006; posts: 37)
Posted: Thu Apr 06, 2006 1:46 am

naragorn wrote:
what do u mean??
U mean u logged in as admin, but u can't access the admin panel cuz u have to login again??
If that's so, what version of phpbb is that??
Cuz i have used that technique on 2.0.16 and it works fine, i can access the admin panel, no verification needed
I haven't run into that


Thanks again naragorn,

Yes that's exactly it, I logged in as Admin but I have to enter my password again to log in as admin in Admin Panel.

Believe it or not this site is actually running phpBB 2.0.15

If you would like to help me out I could give you the admin details and site info and so on in a PM if interested!

I'd be grateful for your help,
Thanks.

Aryan-Husky (Active user; joined Apr 03, 2006; posts: 37)
Posted: Thu Apr 06, 2006 1:48 am

mobettahformeright, drop me a PM and I'll try to talk you through it. Make sure your target forum is phpbb 2.0.16 <=

sljyro (Advanced user; joined Mar 23, 2006; posts: 53)
Posted: Thu Apr 06, 2006 2:13 pm

hi,

I'm logged in as admin after doing a cookie exploit. the problem I am having is that to go to the admin panel I need to re-authenticate the password. this is a 2.0.15 phpBB version as well.

any help appreciated,

SL jyro

Aryan-Husky (Active user; joined Apr 03, 2006; posts: 37)
Posted: Thu Apr 06, 2006 5:18 pm

Same problem as myself, hopefully somebody can help.

naragorn (Regular user; joined Apr 03, 2006; posts: 10)
Posted: Thu Apr 06, 2006 9:04 pm

ok send a pm with the info, I'll try to help, but b4 that, is it 2.0.15?? as far as i remember that one has a lot of bugs, most important one is remote command execution, have u tried those??

sljyro (Advanced user; joined Mar 23, 2006; posts: 53)
Posted: Fri Apr 07, 2006 12:08 am

thanks but i got another admin in the trap, password was a mediocre '1'. when will people learn [Wink]

cheers anyway,

sljyro
Page 1 of 2  