Waraxe IT Security Portal
Login or Register
April 28, 2025
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 83
Members: 0
Total: 83
Full disclosure
[IWCC 2025] CfP: 14th International Workshop on Cyber Crime -Ghent, Belgium, Aug 11-14, 2025
Inedo ProGet Insecure Reflection and CSRF Vulnerabilities
Ruby on Rails Cross-Site Request Forgery
Microsoft ".library-ms" File / NTLM Information Disclosure (Resurrected 2025)
HNS-2025-10 - HN Security Advisory - Local privilege escalation in Zyxel uOS
APPLE-SA-04-16-2025-4 visionOS 2.4.1
APPLE-SA-04-16-2025-3 tvOS 18.4.1
APPLE-SA-04-16-2025-2 macOS Sequoia 15.4.1
APPLE-SA-04-16-2025-1 iOS 18.4.1 and iPadOS 18.4.1
Business Logic Flaw: Price Manipulation - AlegroCartv1.2.9
Stored XSS in "Message" Functionality - AlegroCartv1.2.9
XSS via SVG Image Upload - AlegroCartv1.2.9
BBOT 2.1.0 - Local Privilege Escalation via Malicious ModuleExecution
83 vulnerabilities in Vasion Print / PrinterLogic
[CVE-2025-32102, CVE-2025-32103] SSRF and Directory Traversal in CrushFTP 10.7.1 and 11.1.0 (as well as legacy 9.x)
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpBB -> I got access, but the admin panel has extra protection
Post new topicReply to topic View previous topic :: View next topic
I got access, but the admin panel has extra protection
PostPosted: Fri Jan 02, 2009 10:23 pm Reply with quote
chaoz
Regular user
Regular user
Joined: Jan 03, 2009
Posts: 5




Using the cookie bug <= 2.0.12 in a phpbb forum I got access as member, but when I try to access the admin panel I get asked to enter the usarname/password. I don't know even the hash, how could I get it without entering in the admin panel? I'm logged in as administrator.
View user's profile Send private message
Re: I got access, but the admin panel has extra protection
PostPosted: Fri Jan 02, 2009 10:31 pm Reply with quote
tehhunter
Valuable expert
Valuable expert
Joined: Nov 19, 2008
Posts: 261




chaoz wrote:
Using the cookie bug <= 2.0.12 in a phpbb forum I got access as member, but when I try to access the admin panel I get asked to enter the usarname/password. I don't know even the hash, how could I get it without entering in the admin panel? I'm logged in as administrator.
If you don't know the hash, you can't possibly crack it. There's a chance that it may just be the admin's actual password.

Regardless, the only hope you have is that the admin is foolish enough to convey passwords to moderators/admins via his private message system. Try looking in his PM's for the word 'password' or other such things.
View user's profile Send private message
PostPosted: Sat Jan 03, 2009 6:12 pm Reply with quote
capt
Advanced user
Advanced user
Joined: Nov 04, 2008
Posts: 232




If your logged in under the admin cant u change your email in the control panel then request a new password?
View user's profile Send private message Visit poster's website MSN Messenger
PostPosted: Sun Jan 04, 2009 3:45 pm Reply with quote
chaoz
Regular user
Regular user
Joined: Jan 03, 2009
Posts: 5




capt wrote:
If your logged in under the admin cant u change your email in the control panel then request a new password?


I dont want to be detected, all I want is to steal the database.

Anyway, I finally got access, found the password in the PM box, thanks @tehhunter.
View user's profile Send private message
I got access, but the admin panel has extra protection
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



PCWizardHub - Helping you fix, build, and optimize your PC life
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.086 Seconds