Login or Register :: Home :: Search :: Your Account :: Forums :: Waraxe Advisories :: Tools :: October 20, 2025 Menu Home Logout Discussions Forums Members List IRC chat Tools Base64 coder MD5 hash CRC32 checksum ROT13 coder SHA-1 hash URL-decoder Sql Char Encoder Affiliates y3dips ITsec Md5 Cracker User Manuals AlbumNow Content Content Sections FAQ Top Info Feedback Recommend Us Search Journal Your Account User Info Welcome, Anonymous Nickname Password (Register) Membership: Latest: MichaelSnaRe New Today: 0 New Yesterday: 0 Overall: 9144 People Online: Visitors: 121 Members: 0 Total: 121 Full disclosure CyberDanube Security Research 20251014-0 | Multiple Vulnerabilities in Phoenix Contact QUINT4 UPS apis.google.com - Insecure redirect via __lu parameter(exploited in the wild) Urgent Security Vulnerabilities Discovered in Mercku Routers Model M6a Re: Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS) Security Advisory: Multiple High-Severity Vulnerabilities in Suno.com (JWT Leakage, IDOR, DoS) [SBA-ADV-20250730-01] CVE-2025-39664: Checkmk Path Traversal [SBA-ADV-20250724-01] CVE-2025-32919: Checkmk Agent Privilege Escalation via Insecure Temporary Files CVE-2025-59397 - Open Web Analytics SQL Injection Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft Re: Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft Re: Defense in depth -- the Microsoft way (part 93): SRP/SAFERwhitelisting goes black on Windows 11 Re: [FD]: "Glass Cage" – Zero-Click iMessage ? Persistent iOS Compromise + Bricking (CVE-2025-24085 / 24201, CNVD-2025-07885) Re: [FD]Full Disclosure: CVE-2025-31200 & CVE-2025-31201 – 0-Click iMessage Chain ? Secure Enclave Key Theft, Wormable RCE, Crypto Theft Samtools v1.22.1 Uncontrolled Memory Allocation from Large BED Intervals Causes Denial-of-Service in Samtools/HTSlib Samtools v1.22.1 Improper Handling of Excessive Histogram Bin Counts in Samtools Coverage Leads to Stack Overflow IT Security and Insecurity Portal www.waraxe.us Forum Index -> PhpBB -> Exploits in phpBB 2.0.16 Goto page Previous1, 2 View previous topic :: View next topic Posted: Fri Apr 07, 2006 5:33 am Aryan-Husky Active user Joined: Apr 03, 2006 Posts: 37 naragorn wrote: ok send a pm with the info, illtry to help, but b4 that, is it 2.0.15?? as far as i remember that one hast a lot of bugs, most important one is remote command execution, have u tried those?? Hi again naragorn, Yes its 2.0.15, I originally thought it was version 16 but I was wrong. Could you explain some more about Remote Command Execution? Do you know of anymore exploits for 2.0.15? Thanks again naragorn for all your help. Posted: Fri Apr 07, 2006 6:10 am naragorn Regular user Joined: Apr 03, 2006 Posts: 10 oh that i wont explain, sorry. Do u know theres a search button man theres so much info on it that u will find it right away, if u want me to give the name of the forum then ill see if its vuln, or better Search in google or here Posted: Fri Apr 07, 2006 7:35 am Aryan-Husky Active user Joined: Apr 03, 2006 Posts: 37 Thanks, unfortunatly I know nothing about perl. I'll have to learn soon. Posted: Thu Apr 20, 2006 1:23 am Indiction Regular user Joined: Apr 12, 2006 Posts: 11 Ok. So basically, you are logged in as the admin but you cannot reauth. Realize now that you can still access the user CP...but in a weird way. Every command must be issued via POST arguements through the php files. Let me give you an example. /phpbb2/admin/admin_users.php?sid=YOUR_SID&mode=edit&username=ADMIN_USERNAME&id=ADMIN_UID&password=NEW_PASSWORD&password_confirm=NEW_PASSWORD&location=owned&occupation=getting%20owned Replace sid with your session ID, username with the admin's username, id with the admin's user id, and password/password_confirm with a new password . Posted: Thu Apr 20, 2006 6:06 am Aryan-Husky Active user Joined: Apr 03, 2006 Posts: 37 Ok thanks for your reply, firstly what if this doesn't work? Do you not need to authenticate a New Password by e-mail? Then your account is disabled until you re-activate it. /forum/admin/admin_users.php?sid=85c9d92abcf6aaef87c7803d4852d5d5&mode=edit&username=Some Guy&id=2&password=Admin Password&password_confirm=Admin Password&location=owned&occupation=getting%20owned Can the Location and Occupation be left out or must I include them? Also as you can see from my example above if the Admin is called Some Guy is it defined in the url as "Some Guy" or "Some_Guy" and if the new password = "Admin Password" is it "Admin Password" or "Admin_Password" in the url. Thanks for your help, I hope this makes sense. Posted: Fri Apr 21, 2006 4:46 am Aryan-Husky Active user Joined: Apr 03, 2006 Posts: 37 Indiction wrote: Ok. So basically, you are logged in as the admin but you cannot reauth. Realize now that you can still access the user CP...but in a weird way. Every command must be issued via POST arguements through the php files. Let me give you an example. /phpbb2/admin/admin_users.php?sid=YOUR_SID&mode=edit&username=ADMIN_USERNAME&id=ADMIN_UID&password=NEW_PASSWORD&password_confirm=NEW_PASSWORD&location=owned&occupation=getting%20owned Replace sid with your session ID, username with the admin's username, id with the admin's user id, and password/password_confirm with a new password . Tried this out locally and it doesnt seem to work, you still have to re-auth to use the url. HOW DO YOU DO THIS??? Posted: Sun May 07, 2006 3:19 am Mailas Beginner Joined: May 07, 2006 Posts: 1 All right you guys, this is a concerned user and I would really like an answer. There is this site that I really hate but so many people go to it, the thing is, I want to become an administrator. I have signed up there but I would like to change the password of one of the admins so I can get that admin account. How do I do this? Like basicaly I am a member there and I would like admin Access. How????? I did that iecv thing I downloaded it now what?? I odn't understand what to do... Posted: Sat Jun 02, 2007 9:17 am Hosam Beginner Joined: Jun 02, 2007 Posts: 4 Hello everybody, I would like to know, how can I see the hidden phpBB version? is there is anyway to see that except /docs/ then changes file? Exploits in phpBB 2.0.16 www.waraxe.us Forum Index -> PhpBB You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum All times are GMT Page 2 of 2 Goto page Previous1, 2 All Posts1 Day7 Days2 Weeks1 Month3 Months6 Months1 YearOldest FirstNewest First Select a forumSecurity Research by waraxe----------------General discussionHow to fixMetasploit relatedHash cracking requests----------------MD5 hashesAll other hashesHash related informationhttp://www.waraxe.us portal----------------SuggestionsCooperation proposalsSecurity bugs and issues in general----------------Newbies cornerSql injectionCross-site scripting aka XSSRemote file inclusionFull path disclosureShell commands injectionPhishing and Social EngineeringAll other security holesVarious software----------------PhpNukePostNukePhpBBXMB forumvBulletin BoardInvision Power Boarde107MamboJoomlaXOOPSM$ WindowsLinux worldAll other softwareCoppermine Photo GalleryProgramming languages----------------PhpMySqlPerlJavaJavascriptC and C++Visual BasicBorland Delphi and PascalPythonHTML and XMLAssemblerReverse engineering----------------Newbies cornerDisassemblingPHP script decode requestsMiscellaneous stuff----------------Future of the ITNanotechnologyFun cornerLinksTry2hack sitesProxy databaseDirect Downloads----------------ToolsTutorialsWordlistsRecycle Bin----------------Removed messagesOutdated posts Powered by phpBB © 2001-2008 phpBB Group

PCWizardHub - Helping you fix, build, and optimize your PC life
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.025 Seconds