 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 Posted: Wed May 17, 2006 11:47 pm |
 |
|
| WaterBird |
| Active user |
 |
|
| Joined: May 16, 2005 |
| Posts: 37 |
|
|
|
 |
|
 |
|
| I don't see any intrest in this exploit because when you have a cookie you can access admin panel. So why to use another explit ? |
|
|
|
|
| Posted: Thu May 18, 2006 12:34 am |
|
|
| szmatlawiec |
| Regular user |
 |
|
| Joined: May 14, 2006 |
| Posts: 8 |
|
|
|
|
|
|
|
heh so stupid ;D ofcourse i must type in cmd php script.php ;D thanks hyyh  |
|
|
|
|
|
 |
|
 |
| Posted: Thu May 18, 2006 4:52 pm |
|
|
| johnny |
| Regular user |
|
|
| Joined: Mar 13, 2006 |
| Posts: 13 |
|
|
|
|
|
|
|
Sheesh. This thread is labeled as an exploit for phpbb 2.0.20 and below.
Instead of an explanation of the actual exploit, we have the usual "how to run a Perl script" and "how to get a cookie" posts.
Does phpbb 2.0.20 even respond to the cookie stealer exploit? What if they use a different color scheme so that the "color:EFEFEF" in the exploit HTML doesn't get hidden in the post or PM?
And most importantly, can someone who has successfully used this on a 2.0.20 board please just post how they did it? It's a simple matter really, if you have done it. What's the point of posting an exploit if you don't give any details like:
- what settings need to be on the phpbb board to be exploited
- how to get the sid
- and for those exploits that say, "command insertion" or "shell", what database? What OS? What commands yield anything useful?
- and if the exploit is only a DDOS attack, say so please.
- and if the exploit is only to back up or restore, what if the board to be exploted doesn't have the backup/restore function installed?
- what about the "logging" module added to some boards to show all Admin and Mod activity? Any way to disable that?
Everyone's waiting for a 2.0.20 exploit, and if this is it, let's hear more about what it does and what is needed in the victim board settings to make it work. Autologin? HTML on? You know, those kinds of things. |
|
|
|
|
|
|
|
|
| Posted: Thu May 18, 2006 10:22 pm |
|
|
| sljyro |
| Advanced user |
 |
|
| Joined: Mar 23, 2006 |
| Posts: 53 |
|
|
|
|
|
|
|
yeah thats exactly what i dont understand about this exploit. it says you need a sid, but to get that in 2.0.20 (with html 99% off including admin inbox) no one knows. so how can this work in the first place?
is there another way to get the sid in a 2.0.20 that i have missed?
cheers! |
|
|
|
|
| Posted: Fri May 26, 2006 5:36 am |
|
|
| vlex |
| Beginner |
|
|
| Joined: May 26, 2006 |
| Posts: 1 |
|
|
|
|
|
|
|
hi everybody 
I've heard it works only on MSIE...
Unfortunately I haven't figure it out how it works... yet...
GL everybody |
|
|
|
|
|
|
|
|
| Posted: Fri May 26, 2006 10:52 pm |
|
|
| SicKn3sS |
| Regular user |
|
|
| Joined: Apr 16, 2006 |
| Posts: 14 |
|
|
|
|
|
|
|
| johnny wrote: | Sheesh. This thread is labeled as an exploit for phpbb 2.0.20 and below.
Instead of an explanation of the actual exploit, we have the usual "how to run a Perl script" and "how to get a cookie" posts.
Does phpbb 2.0.20 even respond to the cookie stealer exploit? What if they use a different color scheme so that the "color:EFEFEF" in the exploit HTML doesn't get hidden in the post or PM?
And most importantly, can someone who has successfully used this on a 2.0.20 board please just post how they did it? It's a simple matter really, if you have done it. What's the point of posting an exploit if you don't give any details like:
- what settings need to be on the phpbb board to be exploited
- how to get the sid
- and for those exploits that say, "command insertion" or "shell", what database? What OS? What commands yield anything useful?
- and if the exploit is only a DDOS attack, say so please.
- and if the exploit is only to back up or restore, what if the board to be exploted doesn't have the backup/restore function installed?
- what about the "logging" module added to some boards to show all Admin and Mod activity? Any way to disable that?
Everyone's waiting for a 2.0.20 exploit, and if this is it, let's hear more about what it does and what is needed in the victim board settings to make it work. Autologin? HTML on? You know, those kinds of things. |
I agree, this thread should be all about this exploit and not xss/css crap, admin plz erase all the posts about this topic so we can start over plz? |
|
|
|
|
|
|
|
|
| Posted: Thu Jun 01, 2006 7:18 pm |
|
|
| Lolz666 |
| Regular user |
|
|
| Joined: May 05, 2006 |
| Posts: 10 |
|
|
|
|
|
|
|
click on the sites logo...sometimes gives sid.....di for me...
but well still not rly sure how to use this exploit...
Is there like a php enviroment lol? |
|
|
|
|
| Posted: Thu Jun 01, 2006 11:39 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
| WaterBird wrote: | | I don't see any intrest in this exploit because when you have a cookie you can access admin panel. So why to use another explit ? |
Heh, it's simple - this kind of exploit is about elevating possibilities. First - you got somehow admin privileges. For example, you have been trusted to be co-admin on some forum. Now, you can be forum admin, but in theory, you can't issue any shell commands, write to files, etc. Forum admin, but not webmaster.
This kind of exploit will elevate your privileges to nobody/apache level shell user
You can next try to r00t da b0x |
|
|
|
|
|
|
|
|
| Posted: Mon Jun 05, 2006 1:31 pm |
|
|
| johnny |
| Regular user |
|
|
| Joined: Mar 13, 2006 |
| Posts: 13 |
|
|
|
|
|
|
|
| waraxe wrote: | Heh, it's simple - this kind of exploit is about elevating possibilities. First - you got somehow admin privileges. For example, you have been trusted to be co-admin on some forum. Now, you can be forum admin, but in theory, you can't issue any shell commands, write to files, etc. Forum admin, but not webmaster.
This kind of exploit will elevate your privileges to nobody/apache level shell user
You can next try to r00t da b0x |
Unless it's an MS-SQL box behind the phpbb install. |
|
|
|
|
| Posted: Thu Jul 20, 2006 12:06 pm |
|
|
| db07 |
| Regular user |
|
|
| Joined: May 12, 2006 |
| Posts: 6 |
|
|
|
|
|
|
|
| you need to install the latest php package on your windows machine and then use php <scriptname> and follow the instructions. However you do need to have the admin sid else it won't work |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 2 of 2
Goto page Previous1, 2
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 214
Members: 0
Total: 214
