 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 28
 Members: 0
 Total: 28
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
|
For the people who may be interested, I have written a little C++ app.
that checks the apache access_log for SID's every 5 seconds and outputs
them the command line and writes them to a file. |
|
|
|
|
Describe as detailed as possible what your problem is, with only relevant
information.
-Version of phpbb
-exploit you are trying to use
-whats going wrong
-what don't you understand
-
als ... |
|
|
|
|
Ive tested this, and its better to use a non existing image because
it cant be cached by the victims browser, giving you a bigger chance of succeeding
Exploit works great, only a little social en ... |
|
|
|
|
http://seclists.org/bugtraq/2008/Mar/0246.html
works great |
|
|
|
|
just one more question:
Is there a way to host a picture that doesnt get caches, like a broken or not existing image. Will you still get the referer info? Maybe some other trick?
Because if the pi ... |
|
|
|
|
found how to find the user ID:
http://startrekguide.com/community/viewtopic.php?f=62&t=6402
Click on their profile and look at the URL.
For example, if you view your profile.. (click your usern ... |
|
|
|
|
ah found the user ID part
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D
admin user ID in this case is 2
I made a new normal user and ... |
|
|
|
|
jeeeeeeeeeeeej finally werx, thx dude 
This is gonna be tough to exploit .
If I would get the SID from an admin I would have to guess what his/her user ID is or is there a better way?
I w ... |
|
|
|
|
meh can't get it to work
I edit the cookie and make it just like it was, when I was logged in
as admin and still doesn't work. :/
The session is a few seconds old.
I don't get it. |
|
|
|
|
tested replacing de sid, but that doesnt work :/
can somebody tell me how I should edit the cookie, if e.g. the
sid=30c2791137336d65cd8c327f92f2e0fc.
http://i33.tinypic.com/10f7ts7.png
http://i ... |
|
|
|
|
Hi all 
Pls look at http://packetstormsecurity.org/0803-exploits/phpbb2023-hijack.txt
I have some questions about this.
Say I had a website, so I can find the referal to my image I posted in ... |
|
|
|
|
wow ur funny
-think about what you want to learn
-ask more specific questions
-.. |
|
|
|
|
for windows:
save code as .pl file
install active perl (google it)
run dos prompt
go to dir of file
execute file by typing
perl nameofexploit.pl
follow instructions of exploit |
|
|
|
|
Haj dudes! Is this possible?
Or is it useless to search for this or try to make this?
Say i had a website and a stealer on it, is it possible to steal someones
cookie, by adding a link you my w ... |
|
|
| Page 1 of 2 |
Goto page 1, 2Next
All times are GMT |
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
