 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 57
 Members: 0
 Total: 57
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
|
Exploiting 2.0.11 and not finding out |
|
 Posted: Tue Mar 15, 2005 2:58 am |
 |
|
| CR4ZY |
| Beginner |
 |
|
| Joined: Mar 15, 2005 |
| Posts: 3 |
|
|
|
 |
|
 |
|
The suggestions you have on here about exploiting 2.0.11 I cant get working.
Earlier today my forum was exploited and I know who is responsible, despit them knowing about it they still run 2.0.11 and I'd like to know how I can get him back. Can anyone give me info on what to do to gain admin rights.
Thanks.  |
|
|
|
|
| Posted: Tue Mar 15, 2005 11:38 am |
|
|
| KingOfSka |
| Advanced user |
 |
|
| Joined: Mar 13, 2005 |
| Posts: 61 |
|
|
|
|
|
|
|
you can use the phpbb admin session cookies exploit, it works on <= 2.0.12 , search in the forum  |
|
|
|
|
|
|
|
|
| Posted: Tue Mar 15, 2005 11:40 am |
|
|
| shai-tan |
| Valuable expert |
|
|
| Joined: Feb 22, 2005 |
| Posts: 477 |
|
|
|
|
|
|
|
Ok some things.....
Firstly If he is into exploiting other forums then hes most likely updated his own and hasnt run the upgrade_to_latest.php file so his DB still says its 2.0.11 like these forums say that they are 2.0.8.
Secondly to give it a shot anyway just use a 2.0.12 exploit. These are listed in this forum. They are backwards commpatible and are the easiest if you want to learn how. If you already have a user name registered with his forum then use the exploit here: http://www.waraxe.us/ftopict-540.html if you cant be bothered signing up use the one I posted here: http://www.waraxe.us/ftopict-555.html
Hope this helps 
BTW youll need good old/new Firefox  |
|
_________________
Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
|
|
|
|
| Posted: Tue Mar 15, 2005 11:44 am |
|
|
| shai-tan |
| Valuable expert |
|
|
| Joined: Feb 22, 2005 |
| Posts: 477 |
|
|
|
|
|
|
|
You bastard..... just when I was posting mine......  |
|
_________________
Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
| Posted: Tue Mar 15, 2005 2:29 pm |
|
|
| y3dips |
| Valuable expert |
 |
|
| Joined: Feb 25, 2005 |
| Posts: 281 |
| Location: Indonesia |
|
|
|
|
|
|
| shai-tan wrote: | | You bastard..... just when I was posting mine...... |
soory [oot] but i dont get any objection why you so mad ? |
|
_________________
IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
| Posted: Tue Mar 15, 2005 3:06 pm |
|
|
| CR4ZY |
| Beginner |
|
|
| Joined: Mar 15, 2005 |
| Posts: 3 |
|
|
|
|
|
|
|
I have tried both of them and had no luck....my Username does not become admin, im my cookies file here is what I see:
| Code: | | THE WEBSITE FALSE / FALSE 1142434934 phpbb2mysql_data a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D |
so whats wrong
 I am using the latest Mozilla Firefox Build |
|
|
|
|
| Posted: Tue Mar 15, 2005 3:35 pm |
|
|
| CR4ZY |
| Beginner |
|
|
| Joined: Mar 15, 2005 |
| Posts: 3 |
|
|
|
|
|
|
|
OK this is weird, I kep trying and trying and the one I tried was the "you dont need to register" to do this and I saw the Go To Administration Panel link at the bottom, I clicked that and it asked for my username and password.
Why did it do that and how can I get into it?  |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
