Waraxe IT Security Portal

700G · Active user

Then the admin probably doesn't have "Log me on automatically each visit" checked.

700G · Active user

...oh yeah, and another possibility is that the admin isn't using IE.

diegocure15 · Active user

it does not matter if forums still is 2.1.6 mine is that version but all i did was pacth the bbcode.php file wich is the one with the bug and on the other hand if you get hashes from users and edit tours with them and visit that site and you see you are another user "the one you stoll the cookies from" that means the forum still vul.

MOOD · Beginner

i used this exploit for { phpBB2 Plus 1.55 based on phpBB }
I send PM's to All Admins And i got this

Cookie: phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:1:\"5\";}; phpbb2mysql_sid=b8e1e9fc6bbfc7300fbffbd9e0303bf9; phpbb2mysql_t=a:9:{i:1668;i:1122573925;i:2019;i:1122574321;i:1628;i:1122575145;i:1402;i:1122575198;i:2034;i:1122575257;i:217;i:1122575288;i:2029;i:1122579674;i:1584;i:1122575488;i:2002;i:1122579443;}
IP: 217.54.143.159
Date and Time: 28 July, 2005, 10:11 pm
Referer: http://www.XXX.com/forum1000/privmsg.php?folder=inbox&mode=read&p=2121

Cookie: phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:1:\"4\";}; phpbb2mysql_sid=59f7de399f61fbc4e164e9903049ba04; phpbb2mysql_b_6=1; phpbb2mysql_t=a:2:{i:1691;i:1122619864;i:2002;i:1122619899;}
IP: 81.10.79.206
Date and Time: 29 July, 2005, 8:52 am
Referer: http://www.XXX.com/forum1000/privmsg.php?folder=inbox&mode=read&p=2118

Cookie: phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:1:\"6\";}; phpbb2mysql_sid=e86d7e0db8b0ab4cf0538f32ac2572f5; phpbb2mysql_t=a:3:{i:298;i:1122793324;i:2003;i:1122793546;i:2140;i:1122794074;}
IP: 196.204.149.12
Date and Time: 31 July, 2005, 9:15 am
Referer: http://www.XXX.com/forum1000/privmsg.php?folder=inbox&mode=read&p=2119

Any One Told Me Who To Use It Please Embarassed

mastrb0y · Regular user

got a totally fucked up cookie:

Neverhood · Regular user

robin1200 · Regular user

is there a way to force (perl or xss script) to autologin the admin?

Chb · Valuable expert

Alex_Gutsy · Beginner

Cookie: _data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:1:\"2\";}; cpg132_data=YTozOntzOjI6IklEIjtzOjMyOiIzY2ZhNzg2ZThlZDdjMTdmZjlkOWE2ZDFjYzZhYjY0ZiI7czoyOiJhbSI7aToxO3M6MzoibGl2IjthOjQ6e2k6MDtzOjM6Ijg1MSI7aToxO3M6MzoiNjk3IjtpOjI7czozOiI3MDAiO2k6MztzOjM6Ijg1MyI7fX0=; _sid=a650b7acb5ecc0f748a7bd935751b794; _t=a:2:{i:584;i:1127885599;i:1199;i:1127885800;}
IP: 62.236.76.8
Date and Time: 28 September, 2005, 8:36 am
Referer: http://www.xxx.com/davidforum/privmsg.php?folder=inbox&mode=read&p=10679

where md5 hash??? I thin in here no hash... so how can I login to it?

kiruban · Beginner

Cookie: phpbb2mysql_data=a:2:{s:11:"autologinid";s:32:"cdd1503aa410fff54a0cf1844acc96b9";s:6:"userid";i:2;}; he=llo; phpbb2mysql_sid=66a2a2138a4f003c97b86b349072f0fe; h2=o
IP: 199.60.112.11
Date and Time: 28 October, 2005, 10:40 pm
Referer: http://www.XXXXXXX.com/forums/privmsg.php?folder=inbox&mode=read&p=4613

what i do with that ? can anyone explain me how to do ? please ?

lak1s · Regular user

can soemone help me? when I use the script with anti-chat.ru I only get my OWN COOKIE, what mistake make I ? can soemone help me and say me exaclty what is the right cookie stealer and how to use it, ive try all in this topic but i dont know what is the right cookie stealer, can soemone help me plz

skankerer · Beginner

What host do you all use to put your files on? This is pissing me off. I can't find a small one with automatic activation with ftp access.

chuan · Regular user

i used it.but it does not works?

glitch · Beginner

i paste the exploit code in the post in some forums, but it doesn't effect.. it's working only with one forum, but i tested with 5-6 forums.. i paste the same code, which works on other forum.. and when i send my post it shows all the code in the post and doesn't effect :/
where did i fuck? how to repair it?

gbar · Regular user

Hi,
Im new to this and cant figiure out how this works,
I have read all these reply's, viewed that short film clip about it,
but its still not working.
I place the text in my post, change the url to my sites url.
Then i upload cookies.txt (empty files) & steal.php (empty file)
Then i upload cookies.php with the relevant text in previous posts, all files have been chmodded to 777 and are all in the root directory.
When i go to cookies.txt its completely empty, steal.php shows me what im supposed to see, but only shows me my cookie, no one elses.

Anyone got any ideas ?
Thanks !