|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 123
Members: 0
Total: 123
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Problem with #34 |
|
Posted: Tue Aug 17, 2004 9:50 pm |
|
|
AMBALAS |
Regular user |
|
|
Joined: Aug 17, 2004 |
Posts: 5 |
|
|
|
|
|
|
|
I was using [waraxe-2004-SA#034] B1 - XSS in "index.php" exploit , and i getted "forum_data=a%3A0%3A%7B%7D" and "forum_sid=b33b0748df40ee6f78d7394858335c4a". So forum_sid is password in md5 hash, and what is the Forum_data ?
and how i can decode a%3A0%3A%7B%7D ?
sry for bad english |
|
|
|
|
Posted: Tue Aug 17, 2004 9:55 pm |
|
|
AMBALAS |
Regular user |
|
|
Joined: Aug 17, 2004 |
Posts: 5 |
|
|
|
|
|
|
|
and when im using this xploit on the same forum after about 30min i'm getting different forum_sid, why ? |
|
|
|
|
Posted: Wed Aug 18, 2004 7:18 pm |
|
|
madman |
Active user |
|
|
Joined: May 24, 2004 |
Posts: 46 |
|
|
|
|
|
|
|
Quote: | So forum_sid is password in md5 hash |
Incorrect. Sid -- as the name say it -- is session id. This id generated randomly as an "unique" id to the session table, along with user data such as user id, password, IP address, etc.
Quote: | what is the Forum_data ? |
The _data containing user password (if login with "remember me" feature) and user id number. Is is actually an array, mapped into plain string using PHP serialize() function.
Quote: | how i can decode a%3A0%3A%7B%7D |
In PHP, you can use urldecode() or rawurldecode() functions. This is actually not an "encripted" data, it just mapped to be compatible and convenient with http data transfer, especially with GET method. |
|
_________________ ch88rs,
madman |
|
|
|
|
|
|
|
Posted: Thu Aug 19, 2004 6:06 am |
|
|
AMBALAS |
Regular user |
|
|
Joined: Aug 17, 2004 |
Posts: 5 |
|
|
|
|
|
|
|
thnx for very good answer
but I doesnt understant what can i do with that exploit if information what i'm getting is uselles , maybe i must wait while another user is loged on that forum ant then i will get his psw or what ? |
|
|
|
|
Posted: Thu Aug 19, 2004 6:00 pm |
|
|
madman |
Active user |
|
|
Joined: May 24, 2004 |
Posts: 46 |
|
|
|
|
|
|
|
AMBALAS wrote: | but I doesnt understant what can i do with that exploit if information what i'm getting is uselles , maybe i must wait while another user is loged on that forum ant then i will get his psw or what ? |
Search the forum about cookie stealing. Basically only xxx_data cookie containing "autologinid" (which is user md5 password) is essential for phpBB account exploit. |
|
_________________ ch88rs,
madman |
|
|
|
Posted: Sat Sep 04, 2004 9:48 pm |
|
|
dotcomBOT |
Regular user |
|
|
Joined: Jun 11, 2004 |
Posts: 12 |
|
|
|
|
|
|
|
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|