|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 139
Members: 0
Total: 139
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
|
- First use .htaccess for protection admin directory and admin files
- Second use only one admin
- Disable System() and any other dangerous function (if not used)
- Third For forums only use ... |
|
|
|
|
It's a bug in old Phpbb. Of course if you use old phpbb versions... |
|
|
|
|
Really good is to use a debugger.
Using Zend is amazing what you can find... |
|
|
|
|
If you want I'll censor the info as well |
|
|
|
|
I'm using since a while Zend STudio.
Yesterday I tryed for the first time version 4.0 and I was impressed.
Auditing and debugging is far away easier! |
|
|
|
|
I think that Janek censored the message, because it's really harmful at the moment |
|
|
|
|
For the code injection you need to have Magic Quotes disabled. If you have the protection On, you should be safe
To fix the sql Injection Change:
if (!$mercury->perms->is_guest) &# ... |
|
|
|
|
Heintz Great Job.
Even if it's a common trick and well documented I didn't notice it yet ( ).
This error is very common in converting perl scripts into php.
For more info:
http://www.ph ... |
|
|
|
|
I already have made a template-tutorial for blind injection in MercuryBoard.
Anyway this is not a Select, it's a replace.
You can change the active item:
You have an error in your SQL syntax. ... |
|
|
|
|
The guy that developed it is Anton Rager.
To have more info about there is his paper about:
http://xss-proxy.sourceforge.net/Advanced_XSS_Control.txt
I found it very interesting, even if the gu ... |
|
|
|
|
Original Link: http://www.milw0rm.com/id.php?id=832
Made by Pokleyzz |
|
|
|
|
Just for deleting files,
Quote from Idefense:
Remote exploitation of an input validation vulnerability in the phpBB
Group's phpBB2 bulletin board system allows attackers to unlink (delete)
ar ... |
|
|
|
|
This kind of stuff is good because it gives information about table prefixes.
In the errors you can acknowlegdge the full name of the table.
There is another issue here:
http://www.site.com/ ... |
|
|
|
|
it doesn't seem to be exploitable :-]
Yep It deals with the magic quotes and the backslash.
From the manual:
When magic_quotes are on, all ' (single-quote), " (double quote), (backslash) an ... |
|
|
|
|
http://www.schneier.com/blog/archives/2005/02/unicode_url_hac_1.html |
|
|
Page 1 of 2 |
Goto page 1, 2Next All times are GMT |
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|