 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 108
 Members: 0
 Total: 108
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
PHPBB3 - share more info - |
|
 Posted: Mon Jun 15, 2009 4:36 pm |
 |
|
| shyspy |
| Advanced user |
 |
|
| Joined: Jun 08, 2009 |
| Posts: 60 |
|
|
|
 |
|
 |
|
I was trying to hack an phpbb3 forum. I read a lot of stuff on the web about it but couldn't really find anyway to get admin access or anyway try anything to bring down the forum.
After nothing i got a script and i just copied it in login username and password.
The script was
| Code: | if($config['lastrss_ap_enabled']) <-----{1}
{
// init & setup lastrss
// $rss can be already initiated by lastRSS agregator mod by SmiX
if(!isset($rss)) <-----{2}
{
require $phpbb_root_path . 'includes/class_lastrss.' . $phpEx; <-----{3}
$rss = new lastrss;
}
// init/change settings for lastrss autopost bot
$rss->cache_time = 0; // not used in this mod
$rss->items_limit = $config['lastrss_ap_items_limit']; // default limit of items to post
$rss->type = $config['lastrss_type']; // connection type (fopen / curl)
// init lastRSS autopost MOD !
// check if we have some feeds in database to check
$sql = 'SELECT *
FROM ' . LASTRSS_AP_TABLE . '
WHERE next_check < "' . time() . '" AND enabled = "1"';
$result = $db->sql_query($sql);
$row = $db->sql_fetchrow($result);
$db->sql_freeresult($result);
// so do we have some feeds to post ?
if(sizeof($row) > 0)
{
// we are already sure, that at least one feed exists!
$feed = get_next_feed_to_post();
}
// do we have some feed data ?
if (isset($feed) && (sizeof($feed) > 0))
{
// we are sure, we have feed info for checking the feed!
autopost_init($feed);
}
}
?> |
The strange thing that happen was i got an error like :-
any further explanation to this... |
|
|
|
|
|
|
|
|
| Posted: Mon Jun 15, 2009 5:09 pm |
|
|
| waraxe |
| Site admin |
 |
|
| Joined: May 11, 2004 |
| Posts: 2407 |
| Location: Estonia, Tartu |
|
|
|
|
|
|
|
|
|
|
|
- |
|
| Posted: Mon Jun 15, 2009 5:20 pm |
|
|
| shyspy |
| Advanced user |
|
|
| Joined: Jun 08, 2009 |
| Posts: 60 |
|
|
|
|
|
|
|
Its strange i find it working on many forums..
What i do is 1st past script in login.
Then it say invalid username and password and problem persist contact admin.
then i click on login tab
past script in url
it then says please login to login to your control panel.
Now again when i type the script it works just like an jackpot.
Thankyou for the link it has more information. Thankyou waraxe. |
|
|
|
|
| Posted: Mon Jun 15, 2009 5:29 pm |
|
|
| shyspy |
| Advanced user |
|
|
| Joined: Jun 08, 2009 |
| Posts: 60 |
|
|
|
|
|
|
|
And yes waraxe its also working on my website www.systemsolution.biz
just try it there its working.
Also if possible let me know how to patch it. |
|
|
|
|
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
