|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 62
Members: 0
Total: 62
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
Acydburn : PHPbb 2.0.15 Fix for demoted admin bug |
|
Posted: Sun May 15, 2005 10:38 am |
|
|
y3dips |
Valuable expert |
|
|
Joined: Feb 25, 2005 |
Posts: 281 |
Location: Indonesia |
|
|
|
|
|
|
bug fixes bring another bug
http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=290149
to pacth
Code: |
OPEN admin/admin_ug_auth.php
FIND (around line 546)
WHERE user_id IN (" . implode(', ', $group_user) . ")";
REPLACE WITH
WHERE user_id IN (" . implode(', ', $group_user) . ") AND user_level = " . MOD; |
|
|
_________________ IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
Posted: Sun May 15, 2005 11:24 am |
|
|
shai-tan |
Valuable expert |
|
|
Joined: Feb 22, 2005 |
Posts: 477 |
|
|
|
|
|
|
|
haha! I was wondering how long it would take.
Yes I noticed this bug the other day while using phpbb 2.0.15, so I fixed it. It only seemed to effect me when I change User group permissions and user permissions. |
|
_________________ Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
Posted: Sun May 15, 2005 4:14 pm |
|
|
subzero |
Valuable expert |
|
|
Joined: Mar 16, 2005 |
Posts: 42 |
|
|
|
|
|
|
|
shai-tan.. if u fixed it .. why dont u post your patch before phpbb developer did ?
|
|
|
|
|
Posted: Sun May 15, 2005 6:08 pm |
|
|
shai-tan |
Valuable expert |
|
|
Joined: Feb 22, 2005 |
Posts: 477 |
|
|
|
|
|
|
|
I already seen support Posts on their site saying how people have been locked out of the admin panel, I wanted to see how long it took them, Its always fun to see how good their reflexes are.
I dont like the phpBB crew so why would I want to alert them of a minor bug they technically already knew about? |
|
_________________ Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
Posted: Mon May 16, 2005 6:25 am |
|
|
WaterBird |
Active user |
|
|
Joined: May 16, 2005 |
Posts: 37 |
|
|
|
|
|
|
|
Any known exploits for that bug ? |
|
|
|
|
Posted: Mon May 16, 2005 9:45 am |
|
|
shai-tan |
Valuable expert |
|
|
Joined: Feb 22, 2005 |
Posts: 477 |
|
|
|
|
|
|
|
That code is not exploitable |
|
_________________ Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
Posted: Thu May 19, 2005 11:39 am |
|
|
WaterBird |
Active user |
|
|
Joined: May 16, 2005 |
Posts: 37 |
|
|
|
|
|
|
|
shai-tan wrote: | That code is not exploitable |
OK thx Need to find any exploit for admin pannel or just to get to database in pgpbb by Przemo 1.9 :/ I think all modifications are based on new phpbb so i think i need exploit for 2.0.15 |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|