 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 255
 Members: 0
 Total: 255
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
|
- First use .htaccess for protection admin directory and admin files
- Second use only one admin
- Disable System() and any other dangerous function (if not used)
- Third For forums only use ... |
|
|
|
|
| It's a bug in old Phpbb. Of course if you use old phpbb versions... |
|
|
|
|
Really good is to use a debugger.
Using Zend is amazing what you can find... |
|
|
|
|
| If you want I'll censor the info as well |
|
|
|
|
I'm using since a while Zend STudio.
Yesterday I tryed for the first time version 4.0 and I was impressed.
Auditing and debugging is far away easier! |
|
|
|
|
| I think that Janek censored the message, because it's really harmful at the moment |
|
|
|
|
For the code injection you need to have Magic Quotes disabled. If you have the protection On, you should be safe
To fix the sql Injection Change:
if (!$mercury->perms->is_guest) &# ... |
|
|
|
|
Heintz Great Job.
Even if it's a common trick and well documented I didn't notice it yet (  ).
This error is very common in converting perl scripts into php.
For more info:
http://www.ph ... |
|
|
|
|
I already have made a template-tutorial for blind injection in MercuryBoard.
Anyway this is not a Select, it's a replace.
You can change the active item:
You have an error in your SQL syntax. ... |
|
|
|
|
The guy that developed it is Anton Rager.
To have more info about there is his paper about:
http://xss-proxy.sourceforge.net/Advanced_XSS_Control.txt
I found it very interesting, even if the gu ... |
|
|
|
|
Original Link: http://www.milw0rm.com/id.php?id=832
Made by Pokleyzz |
|
|
|
|
Just for deleting files,
Quote from Idefense:
Remote exploitation of an input validation vulnerability in the phpBB
Group's phpBB2 bulletin board system allows attackers to unlink (delete)
ar ... |
|
|
|
|
This kind of stuff is good because it gives information about table prefixes.
In the errors you can acknowlegdge the full name of the table.
There is another issue here:
http://www.site.com/ ... |
|
|
|
|
it doesn't seem to be exploitable :-]
Yep It deals with the magic quotes and the backslash.
From the manual:
When magic_quotes are on, all ' (single-quote), " (double quote), (backslash) an ... |
|
|
|
|
| http://www.schneier.com/blog/archives/2005/02/unicode_url_hac_1.html |
|
|
| Page 1 of 2 |
Goto page 1, 2Next
All times are GMT |
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
