 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 415
 Members: 0
 Total: 415
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
|
Hello!
Does anybody know how phpbb cookie is created on newest versions?
I mean, how do they store the password there.
I know that it isnt a simple function like md5(password) because everytime I l ... |
|
|
|
|
Hello!
Got this cookie using XSS, but I don't understand its format.
Its supposed to be from php 2.0.19, but i see a "dot" in the middle of the md5 hash.
Take a look:
Cookie: phpbb2mysql_dat ... |
|
|
|
|
Is MKportal that secure?
Haven't seen any exploit for it.
For those who don't know, take a look at www.mkportal.it |
|
|
|
|
Sorry Linux but i didn't understand a word you said.
I don't have access to the computer that guy is using, I wanted to contact their administrator so they can fix it. I told some guy is using "ghost ... |
|
|
|
|
Hello!
There is a guy whois using some shells to DoS my UO server.
He is using a BNC on IRC:
C4nt1 is ~FullT@yl27hlvL2ak.211.233.12.O
How do I contact the owner of that network so they can fix ... |
|
|
|
|
| Exploit available at: http://www.milw0rm.com/id.php?id=1219 |
|
|
|
|
| Check http://www.securityfocus.com/archive/1/410314/30/0/threaded |
|
|
|
|
http://www.securityfocus.com/archive/1/409047/30/0/threaded
Has anyone managed to make it work?
I tried but i think I don't know how to craft the cookie successfully |
|
|
|
|
Check http://www.securityfocus.com/bid/14604
Any known exploit for these ? |
|
|
|
|
OK i found out how to craft a cookie.
The password who is stored in a cookie is stored like this:
md5('password in the database' . 'vB license id');
So, if you got the hash of the passwor ... |
|
|
|
|
Hello.
I got some vbulletin 3.0.7 md5. I got their salts too.
Is there any way to crack them or to craft a cookie so I can login with any account?
Thanks. |
|
|
|
|
yeah, i would be interesting what kind of malicious code you can insert 
----edit:
well i tried to insert this script:
<?
echo 'HOST: '.$dbhost.'<BR>dbNm: '.$dbname.'<BR>USER: '. ... |
|
|
|
|
PhpBB - [img]http://theremotehost.com/exploit.jpg[/img]
Inside the exploit.jpg folder we would have index.php or index.html with malicious code. |
|
|
|
|
Sorry, i dont know if i am doing something wrong, but my cookies.php is like this:
<?php
$cookie = $_GET
I post a reply in the forum with this in the msg:
I uploaded cookies.php and cook ... |
|
|
| Page 1 of 1 |
All times are GMT |
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
