 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 80
 Members: 0
 Total: 80
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
| sljyro |
|
| Replies: 14 |
| Views: 91108 |
|
|
 |
|
 |
|
| hey... my question is: how can i get the version if the URL is not like site.com/forum... it's 'site'.forump.com... i did: 'site'.forump.com/doc/CHANGELOG.html but it doesn't works... how can i get th ... |
|
|
|
|
| why dont you just upgrade it to a 2.0.21 so then you dont have to test anything? |
|
|
|
|
| thats true, but then what if they update their version without uploading the docs? |
|
|
|
|
get 'Steganos Internet Anonym' software ([url=http://www.steganos.com/?product=siao&language=en]info here)
so then you can start viewing the forum and register again if you wish.
now you can ... |
|
|
|
|
set up any phpBB forum version, and once you have the users registered, do a full backup of your database.
open the database file, search for the user name, and you will see a md5 hash for each use ... |
|
|
|
| sljyro |
|
| Replies: 5 |
| Views: 18753 |
|
|
|
|
|
|
can anyone give a slight insight on this one too? i keep getting the same problem as the above user.
thanks |
|
|
|
| sljyro |
|
| Replies: 6 |
| Views: 15555 |
|
|
|
|
|
|
this is as far as i can go, im new to this myself. ive tried couple of perl scripts and cookie exploits here and there, and thats about it 
there might be another way, but im not familiar with it ... |
|
|
|
| sljyro |
|
| Replies: 6 |
| Views: 15555 |
|
|
|
|
|
|
try this, it says 2.0.13 or lower versions
http://www.milw0rm.com/exploits/907
its to get a md5 hash of any user, thus giving you the chance to crack the password
if you want more, just check t ... |
|
|
|
| sljyro |
|
| Replies: 6 |
| Views: 15555 |
|
|
|
|
|
|
why do you want to test if it's secure? after 2 days of research you should know its one of the most vulnerable versions. there's loads of perl sripts too i think.
if its your board, why not upgrad ... |
|
|
|
| sljyro |
|
| Replies: 24 |
| Views: 45964 |
|
|
|
|
|
|
| yeah thats exactly what i dont understand about this exploit. it says you need a sid, but to get that in 2.0.20 (with html 99% off including admin inbox) no one knows. so how can this work in the firs ... |
|
|
|
| sljyro |
|
| Replies: 24 |
| Views: 45964 |
|
|
|
|
|
|
| yeah i would like to know the above too, thanks. |
|
|
|
|
the only thing i can think of is getting access to the admin account, then you can just view anything you want, but this method relies on quite a few 'if this and if that'
try using the following m ... |
|
|
|
| sljyro |
|
| Replies: 14 |
| Views: 91108 |
|
|
|
|
|
|
| if its jan, could be a 2.0.18 or .19 |
|
|
|
| sljyro |
|
| Replies: 14 |
| Views: 91108 |
|
|
|
|
|
|
well theres a flaw with that, the use might have updated the forum, but not the docs, which happens in many cases. so that way is never 100%.
if it doesnt work (and you are sure its a phpBB and put ... |
|
|
|
|
it has probably been upgraded, because when you upgrade, the docs dont necessarily change if not updated by the user. try higher exploits, it might even be a 2.0.20
and can you please take the link ... |
|
|
| Page 1 of 4 |
Goto page 1, 2, 3, 4Next
All times are GMT |
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
