 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 554
 Members: 0
 Total: 554
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
I got access, but the admin panel has extra protection |
|
 Posted: Fri Jan 02, 2009 10:23 pm |
 |
|
| chaoz |
| Regular user |
 |
|
| Joined: Jan 03, 2009 |
| Posts: 5 |
|
|
|
 |
|
 |
|
| Using the cookie bug <= 2.0.12 in a phpbb forum I got access as member, but when I try to access the admin panel I get asked to enter the usarname/password. I don't know even the hash, how could I get it without entering in the admin panel? I'm logged in as administrator. |
|
|
|
|
|
Re: I got access, but the admin panel has extra protection |
|
| Posted: Fri Jan 02, 2009 10:31 pm |
|
|
| tehhunter |
| Valuable expert |
|
|
| Joined: Nov 19, 2008 |
| Posts: 261 |
|
|
|
|
|
|
|
| chaoz wrote: | | Using the cookie bug <= 2.0.12 in a phpbb forum I got access as member, but when I try to access the admin panel I get asked to enter the usarname/password. I don't know even the hash, how could I get it without entering in the admin panel? I'm logged in as administrator. |
If you don't know the hash, you can't possibly crack it. There's a chance that it may just be the admin's actual password.
Regardless, the only hope you have is that the admin is foolish enough to convey passwords to moderators/admins via his private message system. Try looking in his PM's for the word 'password' or other such things. |
|
|
|
|
| Posted: Sat Jan 03, 2009 6:12 pm |
|
|
| capt |
| Advanced user |
 |
|
| Joined: Nov 04, 2008 |
| Posts: 232 |
|
|
|
|
|
|
|
| If your logged in under the admin cant u change your email in the control panel then request a new password? |
|
|
|
|
| Posted: Sun Jan 04, 2009 3:45 pm |
|
|
| chaoz |
| Regular user |
|
|
| Joined: Jan 03, 2009 |
| Posts: 5 |
|
|
|
|
|
|
|
| capt wrote: | | If your logged in under the admin cant u change your email in the control panel then request a new password? |
I dont want to be detected, all I want is to steal the database.
Anyway, I finally got access, found the password in the PM box, thanks @tehhunter. |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
