|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 67
Members: 0
Total: 67
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Trying to hack a forum |
|
Posted: Sat Mar 15, 2008 10:35 pm |
|
|
katakidoushi1 |
Beginner |
|
|
Joined: Mar 16, 2008 |
Posts: 1 |
|
|
|
|
|
|
|
1st post, so bear with me
If, say, I wanted to hack a forum such as "http://www.********.net/index.php" - I've read some thing about the cookie changing method, and have tried this with the same hashes other people have used for DIFFERENT forums. I think this is the reason it doesn't log into any admin account, and does not appear to do anything different to refreshing the page. If this is the case, can someone tell me where I get the hash key I need to put into the cookie box please?
What i'm doing is using firefox + an addon -
-Going to the forum
-Tools
-Live HTTP Headers
-Refresh the page
-Getting something such as:
Code: | Cookie: lang=english; ******_data=a%3A0%3A%7B%7D; ******_sid=1b261be979d16d6b4f3e04b048cae7d1; msa_resolution=1280x1024x32; PHPSESSID=3b07899ca9e3eb1d1cca5eb78999b668 | in the cookie field, and changing the hash to the same hash someone else has used for a seperate forum
-Clicking replay, and the forum just refreshes
Can anyone please tell me what i'm doing wrong, please?
Or should I be using a different method to gain access to an admin account?
[[edited by waraxe - no private info!!]] |
|
|
|
|
|
|
|
|
Posted: Sun Mar 16, 2008 2:33 am |
|
|
gibbocool |
Advanced user |
|
|
Joined: Jan 22, 2008 |
Posts: 208 |
|
|
|
|
|
|
|
First of all, no posting vulnerable URLs.
2nd, there are many exploits for old versions of phpbb, search on http://www.milw0rm.com/search.php
3rd, you need to steal the cookie hash for that particular forum, no use using a different forum. |
|
|
|
|
Posted: Thu May 22, 2008 9:53 pm |
|
|
Snoop1990 |
Advanced user |
|
|
Joined: May 22, 2008 |
Posts: 65 |
|
|
|
|
|
|
|
I guess what you have seen is the phpBB 2.0.10 hack ! but this issue is fixed a long time ago, so the hack won't succeed. It is not your fault, the forum seems to be secure. |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|