deleting forums in phpbb directly

Posted: Tue Jul 20, 2004 5:14 pm
migo79
Regular user
Joined: May 18, 2004
Posts: 17

Hello,
When I try to put this input directly into the browser to delete a forum from phpBB using this URL
Code:
http://localhost/phpBB2/admin/admin_forums.php?mode=deleteforum&f=1
it gives me the page to move and delete the post.
I'm asking how I can supply that I want to delete all posts too using the same URL.
I mean, what is the extra input I must supply in order to delete the forum and the posts directly?
Any clue?

Posted: Tue Jul 20, 2004 7:41 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

From the original source code:
Code:
case 'movedelforum':
    //
    // Move or delete a forum in the DB
    //
    $from_id = intval($HTTP_POST_VARS['from_id']);
    $to_id = intval($HTTP_POST_VARS['to_id']);
    $delete_old = intval($HTTP_POST_VARS['delete_old']);

So you can't use a GET request; you must do it as a POST request.
In this way the phpBB code makes [img]-type attacks impossible.
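
The design point in the post above, as an added example (not phpBB's own code and not written by anyone in this thread): a state-changing admin action that takes its parameters only from the POST body, refuses other methods, and also checks a per-session token so the request must come from a form the admin page itself rendered. The function names, the `csrf_token` field and the token scheme are assumptions; `from_id`, `to_id` and `delete_old` are the parameter names from the snippet.

```php
<?php
// Added illustration, not phpBB source. Requires PHP 7.1 or later.
// Every name except from_id, to_id and delete_old is hypothetical.

// Issue one random token per session; the admin form embeds it as a hidden field.
function issue_token(array &$session): string
{
    if (empty($session['csrf_token'])) {
        $session['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $session['csrf_token'];
}

// Validate a move/delete request. Returns the coerced parameters,
// or null when the request must be refused.
function validate_movedelforum(string $method, array $post, array $session): ?array
{
    // An image tag can only trigger a GET, so anything but POST is refused.
    if ($method !== 'POST') {
        return null;
    }
    // The token ties the request to a form rendered for this admin session.
    $sent = $post['csrf_token'] ?? '';
    $expected = $session['csrf_token'] ?? '';
    if (!is_string($sent) || $expected === '' || !hash_equals($expected, $sent)) {
        return null;
    }
    // Same integer coercion as the quoted snippet.
    return [
        'from_id'    => intval($post['from_id'] ?? 0),
        'to_id'      => intval($post['to_id'] ?? 0),
        'delete_old' => intval($post['delete_old'] ?? 0),
    ];
}

// Constructed sample requests, so the file runs offline from the CLI.
$session = [];
$token   = issue_token($session);
$fields  = ['from_id' => '1', 'to_id' => '2', 'delete_old' => '1'];
$cases   = [
    'GET with parameters'      => ['GET',  $fields],
    'POST without token'       => ['POST', $fields],
    'POST with session token'  => ['POST', $fields + ['csrf_token' => $token]],
];
foreach ($cases as $label => [$method, $post]) {
    $ok = validate_movedelforum($method, $post, $session) !== null;
    echo $label, ': ', $ok ? 'accepted' : 'refused', "\n";
}
```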

Posted: Fri Jul 23, 2004 4:44 pm
migo79
Regular user
Joined: May 18, 2004
Posts: 17

Good, waraxe, you understand exactly what I want to do.
So what do you think is the best way to use this exploit other than deleting posts or logging out users?
Thanks, ya Basha

All times are GMT