|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 53
Members: 0
Total: 53
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
Posted: Fri Aug 05, 2005 9:23 pm |
|
|
700G |
Active user |
|
|
Joined: Mar 25, 2005 |
Posts: 33 |
|
|
|
|
|
|
|
Then the admin probably doesn't have "Log me on automatically each visit" checked. |
|
|
|
|
Posted: Fri Aug 05, 2005 9:39 pm |
|
|
700G |
Active user |
|
|
Joined: Mar 25, 2005 |
Posts: 33 |
|
|
|
|
|
|
|
...oh yeah, and another possibility is that the admin isn't using IE. |
|
|
|
|
Posted: Fri Aug 05, 2005 9:59 pm |
|
|
diegocure15 |
Active user |
|
|
Joined: Sep 22, 2004 |
Posts: 27 |
|
|
|
|
|
|
|
it does not matter if forums still is 2.1.6 mine is that version but all i did was pacth the bbcode.php file wich is the one with the bug and on the other hand if you get hashes from users and edit tours with them and visit that site and you see you are another user "the one you stoll the cookies from" that means the forum still vul. |
|
|
|
|
|
???????????? |
|
Posted: Sun Aug 21, 2005 2:44 pm |
|
|
MOOD |
Beginner |
|
|
Joined: Aug 20, 2005 |
Posts: 2 |
|
|
|
|
|
|
|
i used this exploit for { phpBB2 Plus 1.55 based on phpBB }
I send PM's to All Admins And i got this
Cookie: phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:1:\"5\";}; phpbb2mysql_sid=b8e1e9fc6bbfc7300fbffbd9e0303bf9; phpbb2mysql_t=a:9:{i:1668;i:1122573925;i:2019;i:1122574321;i:1628;i:1122575145;i:1402;i:1122575198;i:2034;i:1122575257;i:217;i:1122575288;i:2029;i:1122579674;i:1584;i:1122575488;i:2002;i:1122579443;}
IP: 217.54.143.159
Date and Time: 28 July, 2005, 10:11 pm
Referer: http://www.XXX.com/forum1000/privmsg.php?folder=inbox&mode=read&p=2121
Cookie: phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:1:\"4\";}; phpbb2mysql_sid=59f7de399f61fbc4e164e9903049ba04; phpbb2mysql_b_6=1; phpbb2mysql_t=a:2:{i:1691;i:1122619864;i:2002;i:1122619899;}
IP: 81.10.79.206
Date and Time: 29 July, 2005, 8:52 am
Referer: http://www.XXX.com/forum1000/privmsg.php?folder=inbox&mode=read&p=2118
Cookie: phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:1:\"6\";}; phpbb2mysql_sid=e86d7e0db8b0ab4cf0538f32ac2572f5; phpbb2mysql_t=a:3:{i:298;i:1122793324;i:2003;i:1122793546;i:2140;i:1122794074;}
IP: 196.204.149.12
Date and Time: 31 July, 2005, 9:15 am
Referer: http://www.XXX.com/forum1000/privmsg.php?folder=inbox&mode=read&p=2119
Any One Told Me Who To Use It Please |
|
|
|
|
|
|
|
|
Posted: Mon Aug 29, 2005 8:33 pm |
|
|
mastrb0y |
Regular user |
|
|
Joined: Apr 19, 2005 |
Posts: 7 |
|
|
|
|
|
|
|
got a totally fucked up cookie:
Code: | lang=norwegian; user=MTM6U2hvZ3VuOjM4OTlkY2JhYjc5ZjkyYWY3MjdjMjE5MGJiZDhhYmM1OjEwOjowOjA6MDowOjo0MDk2; lang=norwegian; cpg133_data=YTo0OntzOjI6IklEIjtzOjMyOiI5MDMwZjVlYTkxOGY5ODFmNDFlZGRiMDcwNWY5YjYwMSI7czoyOiJhbSI7aToxO3M6MzoibGl2IjthOjU6e2k6MDtzOjM6IjE2NSI7aToxO3M6MzoiMTI1IjtpOjI7czozOiIxMjMiO2k6MztzOjM6IjEyNCI7aTo0O3M6MzoiMTQ1Ijt9czo0OiJuYW1lIjtzOjY6InNob2d1biI7fQ==
|
phpbb is embeded in nuke though, can i do anything with it? comes from IE ofcourse, and cookie crafting guide is only for firefox :S[/code] |
|
|
|
|
|
Re: ???????????? |
|
Posted: Sun Sep 04, 2005 12:32 am |
|
|
Neverhood |
Regular user |
|
|
Joined: Aug 29, 2005 |
Posts: 13 |
|
|
|
|
|
|
|
MOOD wrote: | i used this exploit for { phpBB2 Plus 1.55 based on phpBB }
I send PM's to All Admins And i got this
Cookie: phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:1:\"5\";}; phpbb2mysql_sid=b8e1e9fc6bbfc7300fbffbd9e0303bf9; phpbb2mysql_t=a:9:{i:1668;i:1122573925;i:2019;i:1122574321;i:1628;i:1122575145;i:1402;i:1122575198;i:2034;i:1122575257;i:217;i:1122575288;i:2029;i:1122579674;i:1584;i:1122575488;i:2002;i:1122579443;}
IP: 217.54.143.159
Date and Time: 28 July, 2005, 10:11 pm
Referer: http://www.XXX.com/forum1000/privmsg.php?folder=inbox&mode=read&p=2121
Cookie: phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:1:\"4\";}; phpbb2mysql_sid=59f7de399f61fbc4e164e9903049ba04; phpbb2mysql_b_6=1; phpbb2mysql_t=a:2:{i:1691;i:1122619864;i:2002;i:1122619899;}
IP: 81.10.79.206
Date and Time: 29 July, 2005, 8:52 am
Referer: http://www.XXX.com/forum1000/privmsg.php?folder=inbox&mode=read&p=2118
Cookie: phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:1:\"6\";}; phpbb2mysql_sid=e86d7e0db8b0ab4cf0538f32ac2572f5; phpbb2mysql_t=a:3:{i:298;i:1122793324;i:2003;i:1122793546;i:2140;i:1122794074;}
IP: 196.204.149.12
Date and Time: 31 July, 2005, 9:15 am
Referer: http://www.XXX.com/forum1000/privmsg.php?folder=inbox&mode=read&p=2119
Any One Told Me Who To Use It Please |
yeah same here wanna know the same thing what to do next now? |
|
|
|
|
|
|
|
|
Posted: Wed Sep 14, 2005 11:08 pm |
|
|
robin1200 |
Regular user |
|
|
Joined: Sep 13, 2005 |
Posts: 19 |
|
|
|
|
|
|
|
is there a way to force (perl or xss script) to autologin the admin? |
|
|
|
|
|
Re: ???????????? |
|
Posted: Thu Sep 15, 2005 9:16 am |
|
|
Chb |
Valuable expert |
|
|
Joined: Jul 23, 2005 |
Posts: 206 |
Location: Germany |
|
|
|
|
|
|
Neverhood wrote: | MOOD wrote: | i used this exploit for { phpBB2 Plus 1.55 based on phpBB }
I send PM's to All Admins And i got this
Cookie: phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:1:\"5\";}; phpbb2mysql_sid=b8e1e9fc6bbfc7300fbffbd9e0303bf9; phpbb2mysql_t=a:9:{i:1668;i:1122573925;i:2019;i:1122574321;i:1628;i:1122575145;i:1402;i:1122575198;i:2034;i:1122575257;i:217;i:1122575288;i:2029;i:1122579674;i:1584;i:1122575488;i:2002;i:1122579443;}
IP: 217.54.143.159
Date and Time: 28 July, 2005, 10:11 pm
Referer: http://www.XXX.com/forum1000/privmsg.php?folder=inbox&mode=read&p=2121
Cookie: phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:1:\"4\";}; phpbb2mysql_sid=59f7de399f61fbc4e164e9903049ba04; phpbb2mysql_b_6=1; phpbb2mysql_t=a:2:{i:1691;i:1122619864;i:2002;i:1122619899;}
IP: 81.10.79.206
Date and Time: 29 July, 2005, 8:52 am
Referer: http://www.XXX.com/forum1000/privmsg.php?folder=inbox&mode=read&p=2118
Cookie: phpbb2mysql_data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:1:\"6\";}; phpbb2mysql_sid=e86d7e0db8b0ab4cf0538f32ac2572f5; phpbb2mysql_t=a:3:{i:298;i:1122793324;i:2003;i:1122793546;i:2140;i:1122794074;}
IP: 196.204.149.12
Date and Time: 31 July, 2005, 9:15 am
Referer: http://www.XXX.com/forum1000/privmsg.php?folder=inbox&mode=read&p=2119
Any One Told Me Who To Use It Please |
yeah same here wanna know the same thing what to do next now? |
Add the admin cookie to your cookies? Then you might be an admin next time viewing the board. |
|
|
|
|
|
|
|
|
Posted: Wed Sep 28, 2005 1:01 pm |
|
|
Alex_Gutsy |
Beginner |
|
|
Joined: Jul 20, 2005 |
Posts: 4 |
Location: Lithuania |
|
|
|
|
|
|
Cookie: _data=a:2:{s:11:\"autologinid\";s:0:\"\";s:6:\"userid\";s:1:\"2\";}; cpg132_data=YTozOntzOjI6IklEIjtzOjMyOiIzY2ZhNzg2ZThlZDdjMTdmZjlkOWE2ZDFjYzZhYjY0ZiI7czoyOiJhbSI7aToxO3M6MzoibGl2IjthOjQ6e2k6MDtzOjM6Ijg1MSI7aToxO3M6MzoiNjk3IjtpOjI7czozOiI3MDAiO2k6MztzOjM6Ijg1MyI7fX0=; _sid=a650b7acb5ecc0f748a7bd935751b794; _t=a:2:{i:584;i:1127885599;i:1199;i:1127885800;}
IP: 62.236.76.8
Date and Time: 28 September, 2005, 8:36 am
Referer: http://www.xxx.com/davidforum/privmsg.php?folder=inbox&mode=read&p=10679
where md5 hash??? I thin in here no hash... so how can I login to it? |
|
|
|
|
|
|
|
|
Posted: Sat Oct 29, 2005 8:05 am |
|
|
kiruban |
Beginner |
|
|
Joined: Oct 29, 2005 |
Posts: 2 |
|
|
|
|
|
|
|
Cookie: phpbb2mysql_data=a:2:{s:11:"autologinid";s:32:"cdd1503aa410fff54a0cf1844acc96b9";s:6:"userid";i:2;}; he=llo; phpbb2mysql_sid=66a2a2138a4f003c97b86b349072f0fe; h2=o
IP: 199.60.112.11
Date and Time: 28 October, 2005, 10:40 pm
Referer: http://www.XXXXXXX.com/forums/privmsg.php?folder=inbox&mode=read&p=4613
what i do with that ? can anyone explain me how to do ? please ? |
|
|
|
|
Posted: Tue Dec 27, 2005 5:17 pm |
|
|
lak1s |
Regular user |
|
|
Joined: Oct 22, 2005 |
Posts: 11 |
|
|
|
|
|
|
|
can soemone help me? when I use the script with anti-chat.ru I only get my OWN COOKIE, what mistake make I ? can soemone help me and say me exaclty what is the right cookie stealer and how to use it, ive try all in this topic but i dont know what is the right cookie stealer, can soemone help me plz |
|
|
|
|
|
Gah! |
|
Posted: Mon Jan 02, 2006 7:35 am |
|
|
skankerer |
Beginner |
|
|
Joined: Jan 02, 2006 |
Posts: 2 |
|
|
|
|
|
|
|
What host do you all use to put your files on? This is pissing me off. I can't find a small one with automatic activation with ftp access. |
|
|
|
|
Posted: Thu Jan 05, 2006 5:47 am |
|
|
chuan |
Regular user |
|
|
Joined: Jan 05, 2006 |
Posts: 7 |
|
|
|
|
|
|
|
i used it.but it does not works? |
|
|
|
|
Posted: Mon Jan 09, 2006 9:21 pm |
|
|
glitch |
Beginner |
|
|
Joined: Jan 09, 2006 |
Posts: 2 |
Location: Poland |
|
|
|
|
|
|
i paste the exploit code in the post in some forums, but it doesn't effect.. it's working only with one forum, but i tested with 5-6 forums.. i paste the same code, which works on other forum.. and when i send my post it shows all the code in the post and doesn't effect :/
where did i fuck? how to repair it? |
|
|
|
|
|
|
|
|
Posted: Thu Jan 19, 2006 11:31 pm |
|
|
gbar |
Regular user |
|
|
Joined: Jan 20, 2006 |
Posts: 9 |
|
|
|
|
|
|
|
Hi,
Im new to this and cant figiure out how this works,
I have read all these reply's, viewed that short film clip about it,
but its still not working.
I place the text in my post, change the url to my sites url.
Then i upload cookies.txt (empty files) & steal.php (empty file)
Then i upload cookies.php with the relevant text in previous posts, all files have been chmodded to 777 and are all in the root directory.
When i go to cookies.txt its completely empty, steal.php shows me what im supposed to see, but only shows me my cookie, no one elses.
Anyone got any ideas ?
Thanks ! |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 7 of 8
Goto page Previous1, 2, 3, 4, 5, 6, 7, 8Next
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|