Waraxe IT Security Portal
Login or Register
October 3, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 75
Members: 0
Total: 75
Full disclosure
SEC Consult SA-20240930-0 :: Local Privilege Escalation via MSI Installer in Nitro PDF Pro (CVE-2024-35288)
Backdoor.Win32.Benju.a / Unauthenticated Remote CommandExecution
Backdoor.Win32.Prorat.jz / Remote Stack Buffer Overflow (SEH)
Backdoor.Win32.Amatu.a / Remote Arbitrary File Write (RCE)
Backdoor.Win32.Agent.pw / Remote Stack Buffer Overflow (SEH)
Backdoor.Win32.Boiling / Remote Command Execution
Defense in depth -- the Microsoft way (part 88): a SINGLEcommand line shows about 20, 000 instances of CWE-73
SEC Consult SA-20240925-0 :: Uninstall Password Bypass in BlackBerry CylanceOPTICS Windows Installer Package (CVE-2024-35214)
Apple iOS 17.2.1 - Screen Time Passcode Retrieval (MitigationBypass)
CyberDanube Security Research 20240919-0 | Multiple Vulnerabilities in Netman204
Submit Exploit CVE-2024-42831
Stored XSS in "Edit Profile" - htmlyv2.9.9
Stored XSS in "Menu Editor" - htmlyv2.9.9
Backdoor.Win32.BlackAngel .13 / Unauthenticated Remote CommandExecution
Backdoor.Win32.CCInvader. 10 / Authentication Bypass
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpBB -> Exploits in phpBB 2.0.16 Goto page 1, 2Next
Post new topicReply to topic View previous topic :: View next topic
Exploits in phpBB 2.0.16
PostPosted: Mon Apr 03, 2006 3:59 pm Reply with quote
Aryan-Husky
Active user
Active user
Joined: Apr 03, 2006
Posts: 37




Hi Friends,

Firstly thanks to the Admins and Moderators of this site for supplying so much information. Over the past few days I have found it to be a fantastic resource.

Now to the point, I am trying to gain access to the Administration Panel of a phpBB 2.0.16. This Board has just 1 Admin and 2 Moderators.

I have an account registered on this board. It is quite a popular community with nearly 2,000 Members and over 110,000 Articles.

The only vulnerability I have found on this board is to use XSS Remote Cookie Disclosure which will give me the Md5 of the logged in user who views a post made by myself.

This seems to be working fine and I have got several Passwords already of Normal Users but no Mods or the Admin just yet even though I know they have viewed my Post, can anybody share some light on this problem as to why I can't get the Mods or Admins Md5?

Also does anybody else know of another exploit for 2.0.16?

Thanks for your time.
View user's profile Send private message
PostPosted: Wed Apr 05, 2006 4:04 am Reply with quote
Aryan-Husky
Active user
Active user
Joined: Apr 03, 2006
Posts: 37




Ok I have finally got the Admins Md5

f329a817d2e94133825c36aa6f2f7a64

However I have tried all online tools to resolve this hash but all so far have been unsuccsessful.

I am now currently using MDCrack NG 1.2 and it is currently on Day 3 of trying to resolve the above hash.

Can any body recommend anything else I could try?

Also I recently found out the the XSS exploit in phpBB2.0.16 only works when a logged in user views a post using Internet Explorer only, just incase anybody else out there was having the same problem.

P.S. I got the Admins Md5 by sending him a PM Laughing
View user's profile Send private message
PostPosted: Wed Apr 05, 2006 5:56 am Reply with quote
naragorn
Regular user
Regular user
Joined: Apr 03, 2006
Posts: 10




do u want to have the paswd or just enter as admin??

If u want to login as admin, u have to download IECV(google it)

then open it and search for the cookie of ur forum(You shouldopen the forum on Internet explorer, cause the program above just works with IE cookies

and replace ur cookie with this

a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:2:"USERID-OFTHEADMIN";}

If that doesnt work, try this

a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:1:"USERID-OFTHEADMIN";}

Then save it and load the forim again(Internet explorer)
If u need more help, well, tthere are tons here,(I learned a lot)
View user's profile Send private message
PostPosted: Wed Apr 05, 2006 6:49 am Reply with quote
mobettahformeright
Beginner
Beginner
Joined: Apr 05, 2006
Posts: 2




"The only vulnerability I have found on this board is to use XSS Remote Cookie Disclosure which will give me the Md5 of the logged in user who views a post made by myself. "


which will give me????...........where do you get it?.........do i have to have my own server or sumthing?........i dont understand this part
View user's profile Send private message
PostPosted: Wed Apr 05, 2006 7:25 am Reply with quote
Aryan-Husky
Active user
Active user
Joined: Apr 03, 2006
Posts: 37




naragorn wrote:
do u want to have the paswd or just enter as admin??

If u want to login as admin, u have to download IECV(google it)

then open it and search for the cookie of ur forum(You shouldopen the forum on Internet explorer, cause the program above just works with IE cookies

and replace ur cookie with this

a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:2:"USERID-OFTHEADMIN";}

If that doesnt work, try this

a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:1:"USERID-OFTHEADMIN";}

Then save it and load the forim again(Internet explorer)
If u need more help, well, tthere are tons here,(I learned a lot)


Hi naragorn,

Thanks for your Reply, firstly the Admin user id is "2", secondly I downloaded IECV and did exactly what you said but nothing happened, maybe could you explain some more?

Firstly I logged into the forum on IE then closed it. Then I opened IECV and replaced my cookie with the cookie of the admin and clicked on Modify. Then I closed IECV and opened IE again and went back to the Forum but I was still logged in as my regular User Name?

And yes it doesn't matter if I get the Admin Password or Admin Access, its all the same.

Thanks agian for your help.
View user's profile Send private message
PostPosted: Wed Apr 05, 2006 5:11 pm Reply with quote
mobettahformeright
Beginner
Beginner
Joined: Apr 05, 2006
Posts: 2




ok, so i watched the video, where does he get that xlmrpc?........then he types in, kisobox.shit.php?..........whats that all about???
View user's profile Send private message
PostPosted: Wed Apr 05, 2006 5:48 pm Reply with quote
naragorn
Regular user
Regular user
Joined: Apr 03, 2006
Posts: 10




U have to try them separately, when u log into te forum, then u have to close all IE windows, and then open IECV, i think u didnt modify the right cookie, cause in case u had modify the cookie and it was wront, u would not be logged as ur usual user, but u wouldnt be logged,
try searching all cookies for that site, then look for a cookie that says
"phpbb2mysql_data" or something like it, thats the cookie u have to modify, then try the ones below separately,
Btw, thos md5s are the ones from the admin right??

a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:2:"2";}

a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:1:"2";}
View user's profile Send private message
PostPosted: Wed Apr 05, 2006 6:42 pm Reply with quote
Aryan-Husky
Active user
Active user
Joined: Apr 03, 2006
Posts: 37




naragorn wrote:
U have to try them separately, when u log into te forum, then u have to close all IE windows, and then open IECV, i think u didnt modify the right cookie, cause in case u had modify the cookie and it was wront, u would not be logged as ur usual user, but u wouldnt be logged,
try searching all cookies for that site, then look for a cookie that says
"phpbb2mysql_data" or something like it, thats the cookie u have to modify, then try the ones below separately,
Btw, thos md5s are the ones from the admin right??

a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:2:"2";}

a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:1:"2";}


naragorn,

Thank you so much that worked perfectly, however I can't get into the admin panel because it requires to be authenticated. Any ideas around this?

Once again thanks, Very Happy Very Happy Very Happy
View user's profile Send private message
PostPosted: Wed Apr 05, 2006 7:56 pm Reply with quote
naragorn
Regular user
Regular user
Joined: Apr 03, 2006
Posts: 10




what do u mean??
U mean u logged in as admin, but u cant access to the admin panel cuz u have to login again??
If thats so, what version og phpbb is that??
Cuz i have used that technique on 2.0.16 and it works fine, i can access to admin panel, no verification needed
I havent run into that
View user's profile Send private message
PostPosted: Thu Apr 06, 2006 1:46 am Reply with quote
Aryan-Husky
Active user
Active user
Joined: Apr 03, 2006
Posts: 37




naragorn wrote:
what do u mean??
U mean u logged in as admin, but u cant access to the admin panel cuz u have to login again??
If thats so, what version og phpbb is that??
Cuz i have used that technique on 2.0.16 and it works fine, i can access to admin panel, no verification needed
I havent run into that


Thanks again naragorn,

Yes thats exactly it, I logged in as Admin but I have to enter my password again to log in as admin in Admin Panel.

Believe it or not this site is actually running phpBB 2.0.15

If you would like to help me out I could give you the admin details and site info and so on in a PM if intersted!

I'd be gratefull for your help,
Thanks.
View user's profile Send private message
PostPosted: Thu Apr 06, 2006 1:48 am Reply with quote
Aryan-Husky
Active user
Active user
Joined: Apr 03, 2006
Posts: 37




mobettahformeright drop me a PM and i'll try talk your through it. Make sure your target forum is phpbb 2.0.16 <=
View user's profile Send private message
PostPosted: Thu Apr 06, 2006 2:13 pm Reply with quote
sljyro
Advanced user
Advanced user
Joined: Mar 23, 2006
Posts: 53




hi,

im logged in as admin after doing a cookie exploit. the problem i am having is to go to the admin panel i need to re authenticate the password. this is a 2.0.15 phpBB version as well.

any help appreciated,

SL jyro
View user's profile Send private message
PostPosted: Thu Apr 06, 2006 5:18 pm Reply with quote
Aryan-Husky
Active user
Active user
Joined: Apr 03, 2006
Posts: 37




Same problem as myself, hopefully somebody can help.
View user's profile Send private message
PostPosted: Thu Apr 06, 2006 9:04 pm Reply with quote
naragorn
Regular user
Regular user
Joined: Apr 03, 2006
Posts: 10




ok send a pm with the info, illtry to help, but b4 that, is it 2.0.15?? as far as i remember that one hast a lot of bugs, most important one is remote command execution, have u tried those??
View user's profile Send private message
PostPosted: Fri Apr 07, 2006 12:08 am Reply with quote
sljyro
Advanced user
Advanced user
Joined: Mar 23, 2006
Posts: 53




thanks but i got another admin in the trap, password was a mediocre '1'. when will people learn Wink

cheers anyway,

sljyro
View user's profile Send private message
Exploits in phpBB 2.0.16
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 2
Goto page 1, 2Next
Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.050 Seconds