 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 458
 Members: 0
 Total: 458
|
|
|
|
|
|
Full disclosure |
|
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
SMF exploit problem to start ! |
|
 Posted: Sun Jun 15, 2008 9:52 pm |
 |
|
| France |
| Regular user |
 |
|
| Joined: May 14, 2008 |
| Posts: 10 |
|
|
|
 |
|
 |
|
Hi there is one new exploit for SMF but i don't know how to use it.You can see here :
| Code: | | http://www.devside.net/blog/smf-exploit-like-phpbb-hack |
One good tut will be nice.This was writen for Linux user but i don't use Linux !  |
|
|
|
|
| Posted: Mon Jun 16, 2008 1:10 am |
|
|
| gibbocool |
| Advanced user |
 |
|
| Joined: Jan 22, 2008 |
| Posts: 208 |
|
|
|
|
|
|
|
That isnt an advisory, it's just someone writing about how their forum got hacked. Use milw0rm to find real hacks. But this is your lucky day! There was one released just yesterday for SMF <=1.1.4. http://milw0rm.com/exploits/5826
If the exploit runs succesfully but you are not admin, then this is because register_globals is OFF on the target server. |
|
|
|
|
| Posted: Mon Jun 16, 2008 4:27 am |
|
|
| France |
| Regular user |
|
|
| Joined: May 14, 2008 |
| Posts: 10 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Tue Jun 17, 2008 7:23 am |
|
|
| tinman |
| Active user |
|
|
| Joined: May 11, 2008 |
| Posts: 37 |
|
|
|
|
|
|
|
I've had a play with this but a lack of documentation does not help. What I get with it (target is smf 1.1.4) is this:
[.] Exploit Starts.
[+] Trying to read Sesc
[-] Unable to find Sesc
I've tried using a registered user id and the session ID from Live HTTP headers being logged in as that user - but that may be the wrong way of doing it.
Any ideas? |
|
|
|
|
| Posted: Tue Jun 17, 2008 8:02 am |
|
|
| y3dips |
| Valuable expert |
 |
|
| Joined: Feb 25, 2005 |
| Posts: 281 |
| Location: Indonesia |
|
|
|
|
|
|
knock..knock,
is just because its already patched ?  |
|
_________________
IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
| Posted: Tue Jun 17, 2008 8:52 am |
|
|
| tinman |
| Active user |
|
|
| Joined: May 11, 2008 |
| Posts: 37 |
|
|
|
|
|
|
|
|
|
|
|
| Posted: Tue Jun 17, 2008 11:00 am |
|
|
| gibbocool |
| Advanced user |
|
|
| Joined: Jan 22, 2008 |
| Posts: 208 |
|
|
|
|
|
|
|
| tinman wrote: | I've had a play with this but a lack of documentation does not help. What I get with it (target is smf 1.1.4) is this:
[.] Exploit Starts.
[+] Trying to read Sesc
[-] Unable to find Sesc
I've tried using a registered user id and the session ID from Live HTTP headers being logged in as that user - but that may be the wrong way of doing it.
Any ideas? |
It's unlikely it's patched. I had a good play too, and got it to work on my own site as well as compromising another site 
Basically it's the PHPSESSID cookie that you need. So dont use the headers, just get a cookie editor and find the PHPSESSID for that site. You also need to login with your own account before hand. |
|
|
|
|
|
|
|
|
| Posted: Tue Jun 17, 2008 11:53 am |
|
|
| tinman |
| Active user |
|
|
| Joined: May 11, 2008 |
| Posts: 37 |
|
|
|
|
|
|
|
I got the session ID from 'live http headers' in firefox. I cut/paste it from the cookie section:
| Code: | | Cookie: __utmz=61161705.1212840634.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=61161705.153459717.1212840634.1213630953.1213686234.6; SMFCookie10=a%3A4%3A%7Bi%3A0%3Bs%3A3%3A%22985%22%3Bi%3A1%3Bs%3A40%3A%2214af95972fdc6cac5399ca59d9b48b434cf2ced5%22%3Bi%3A2%3Bi%3A1402057777%3Bi%3A3%3Bi%3A0%3B%7D; _c=y; __utmc=61161705; PHPSESSID=947e68b5215e1529641bd73a8c6951f7 |
Specifically the PHPSESSID:
| Code: | | 947e68b5215e1529641bd73a8c6951f7 |
I tried it with the admin user ID number and my own user ID number with the above session ID - but they are no go. The board shows 1.1.4. on the footer |
|
|
|
|
| Posted: Tue Jun 17, 2008 11:49 pm |
|
|
| gibbocool |
| Advanced user |
|
|
| Joined: Jan 22, 2008 |
| Posts: 208 |
|
|
|
|
|
|
|
| Strange, try delete the cookie. It will only work on your account btw, because it's your session. |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
