|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
hi, i am new to the forum and need help. |
|
Posted: Tue Apr 14, 2009 1:56 am |
|
|
madjemas03 |
Regular user |
|
|
Joined: Apr 14, 2009 |
Posts: 6 |
|
|
|
|
|
|
|
well, i am already experienced in computer forensic, but do not know anything about how phpbb forum runs. all i want is the forum amdin's password because he is racist to every muslims that joins his forum and bans them for no reasons.
here is the forum's link:
http://www.wyrdysm.com/phpBB2/index.php
and some background data:
phpBB Group : 2002
admins: th15 and arcalane.
i am eager to have an answer, but all i want is to scare them, and access to their admin account (th15 if possible) to put them back in place. please help me, they do need a lesson. |
|
|
|
|
Posted: Tue Apr 14, 2009 2:38 am |
|
|
madjemas03 |
Regular user |
|
|
Joined: Apr 14, 2009 |
Posts: 6 |
|
|
|
|
|
|
|
will be very fond if you can get the password for me. please respond. |
|
|
|
|
Posted: Tue Apr 14, 2009 1:52 pm |
|
|
Chb |
Valuable expert |
|
|
Joined: Jul 23, 2005 |
Posts: 206 |
Location: Germany |
|
|
|
|
|
|
We do not like cracking-requests with links here. Please remove it. |
|
|
|
|
Posted: Tue Apr 14, 2009 3:09 pm |
|
|
madjemas03 |
Regular user |
|
|
Joined: Apr 14, 2009 |
Posts: 6 |
|
|
|
|
|
|
|
what do u like then? i guess no one's gonna help me here =/ |
|
|
|
|
Posted: Tue Apr 14, 2009 11:47 pm |
|
|
Chb |
Valuable expert |
|
|
Joined: Jul 23, 2005 |
Posts: 206 |
Location: Germany |
|
|
|
|
|
|
We definitely will not crack something for you. And threads about phpBB boards are enough here, I think. Moreover you did not post the version of the board (no, "phpBB Group 2002" is not the version...), so it is really hard for us to help you.
If you are able to get some more details about the forum (version or so), we might help you. |
|
|
|
|
|
|
|
|
Posted: Wed Apr 15, 2009 8:15 am |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
It's 2.0.22:
http://****/phpBB2/docs/CHANGELOG.html
Direct attack @ phpbb is probably not possible, because there is no known effective exploits for this version.
But I did found serious security hole in uploading functionality in that website.
Basically you can upload files with specific extension and if you use
filename like "test.php.shp", then Apache will treat this as php script.
So you have remote php code execution possibilities as result. |
|
|
|
|
Posted: Wed Apr 15, 2009 11:14 am |
|
|
madjemas03 |
Regular user |
|
|
Joined: Apr 14, 2009 |
Posts: 6 |
|
|
|
|
|
|
|
thanks a lot man, i'll look at that.
edit: omfg, it's true xD.
what kind of script could i put?i mean, will html work? i know c++ and html and actionscript, but it's my first time with phpbb, so it won't be as easy as messing up a website hosted on a cheap network xDedit: sorry for my stupidity, only phpbb script works.... |
|
|
|
|
www.waraxe.us Forum Index -> General discussion
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|