IT Security and Insecurity Portal

Exploits in phpBB 2.0.16

Posted: Mon Apr 03, 2006 3:59 pm
Aryan-Husky
Active user
Joined: Apr 03, 2006
Posts: 37

Hi Friends,
Firstly thanks to the Admins and Moderators of this site for supplying so much information. Over the past few days I have found it to be a fantastic resource.
Now to the point, I am trying to gain access to the Administration Panel of a phpBB 2.0.16. This Board has just 1 Admin and 2 Moderators.
I have an account registered on this board. It is quite a popular community with nearly 2,000 Members and over 110,000 Articles.
The only vulnerability I have found on this board is to use XSS Remote Cookie Disclosure which will give me the Md5 of the logged in user who views a post made by myself.
This seems to be working fine and I have got several Passwords already of Normal Users but no Mods or the Admin just yet even though I know they have viewed my Post. Can anybody shed some light on this problem as to why I can't get the Mods' or Admin's Md5?
Also does anybody else know of another exploit for 2.0.16?
Thanks for your time.

Posted: Wed Apr 05, 2006 4:04 am
Aryan-Husky
Active user
Joined: Apr 03, 2006
Posts: 37

Ok I have finally got the Admin's Md5
f329a817d2e94133825c36aa6f2f7a64
However I have tried all online tools to resolve this hash but all so far have been unsuccessful.
I am now currently using MDCrack NG 1.2 and it is currently on Day 3 of trying to resolve the above hash.
Can anybody recommend anything else I could try?
Also I recently found out that the XSS exploit in phpBB2.0.16 only works when a logged in user views a post using Internet Explorer only, just in case anybody else out there was having the same problem.
P.S. I got the Admin's Md5 by sending him a PM

Posted: Wed Apr 05, 2006 5:56 am
naragorn
Regular user
Joined: Apr 03, 2006
Posts: 10

do u want to have the paswd or just enter as admin??
If u want to login as admin, u have to download IECV (google it)
then open it and search for the cookie of ur forum (You should open the forum on Internet Explorer, cause the program above just works with IE cookies)
and replace ur cookie with this
a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:2:"USERID-OFTHEADMIN";}
If that doesnt work, try this
a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:1:"USERID-OFTHEADMIN";}
Then save it and load the forum again (Internet Explorer)
If u need more help, well, there are tons here (I learned a lot)

Posted: Wed Apr 05, 2006 6:49 am
mobettahformeright
Beginner
Joined: Apr 05, 2006
Posts: 2

"The only vulnerability I have found on this board is to use XSS Remote Cookie Disclosure which will give me the Md5 of the logged in user who views a post made by myself."
which will give me????...........where do you get it?.........do i have to have my own server or sumthing?........i dont understand this part

Posted: Wed Apr 05, 2006 7:25 am
Aryan-Husky
Active user
Joined: Apr 03, 2006
Posts: 37

naragorn wrote:
> do u want to have the paswd or just enter as admin??
> If u want to login as admin, u have to download IECV (google it)
> then open it and search for the cookie of ur forum (You should open the forum on Internet Explorer, cause the program above just works with IE cookies)
> and replace ur cookie with this
> a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:2:"USERID-OFTHEADMIN";}
> If that doesnt work, try this
> a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:1:"USERID-OFTHEADMIN";}
> Then save it and load the forum again (Internet Explorer)
> If u need more help, well, there are tons here (I learned a lot)

Hi naragorn,
Thanks for your Reply, firstly the Admin user id is "2", secondly I downloaded IECV and did exactly what you said but nothing happened, maybe could you explain some more?
Firstly I logged into the forum on IE then closed it. Then I opened IECV and replaced my cookie with the cookie of the admin and clicked on Modify. Then I closed IECV and opened IE again and went back to the Forum but I was still logged in as my regular User Name?
And yes it doesn't matter if I get the Admin Password or Admin Access, its all the same.
Thanks again for your help.

Posted: Wed Apr 05, 2006 5:11 pm
mobettahformeright
Beginner
Joined: Apr 05, 2006
Posts: 2

ok, so i watched the video, where does he get that xlmrpc?........then he types in, kisobox.shit.php?..........whats that all about???

Posted: Wed Apr 05, 2006 5:48 pm
naragorn
Regular user
Joined: Apr 03, 2006
Posts: 10

U have to try them separately, when u log into the forum, then u have to close all IE windows, and then open IECV, i think u didnt modify the right cookie, cause in case u had modified the cookie and it was wrong, u would not be logged as ur usual user, but u wouldnt be logged,
try searching all cookies for that site, then look for a cookie that says
"phpbb2mysql_data" or something like it, thats the cookie u have to modify, then try the ones below separately,
Btw, those md5s are the ones from the admin right??
a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:2:"2";}
a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:1:"2";}

Posted: Wed Apr 05, 2006 6:42 pm
Aryan-Husky
Active user
Joined: Apr 03, 2006
Posts: 37

naragorn wrote:
> U have to try them separately, when u log into the forum, then u have to close all IE windows, and then open IECV, i think u didnt modify the right cookie, cause in case u had modified the cookie and it was wrong, u would not be logged as ur usual user, but u wouldnt be logged,
> try searching all cookies for that site, then look for a cookie that says
> "phpbb2mysql_data" or something like it, thats the cookie u have to modify, then try the ones below separately,
> Btw, those md5s are the ones from the admin right??
> a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:2:"2";}
> a:2:{s:11:"autologinid";s:32:"f329a817d2e94133825c36aa6f2f7a64";s:6:"userid";s:1:"2";}

naragorn,
Thank you so much that worked perfectly, however I can't get into the admin panel because it requires to be authenticated. Any ideas around this?
Once again thanks,

Posted: Wed Apr 05, 2006 7:56 pm
naragorn
Regular user
Joined: Apr 03, 2006
Posts: 10

what do u mean??
U mean u logged in as admin, but u cant access to the admin panel cuz u have to login again??
If thats so, what version of phpbb is that??
Cuz i have used that technique on 2.0.16 and it works fine, i can access to admin panel, no verification needed
I havent run into that
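
Seen from the server side, the two behaviours discussed in this thread (a replayed password hash being accepted as a login, and the admin panel asking for the password again) can be modelled as below. This is an added example, not phpBB code and not part of any post: a simplified Python model with a hardened token scheme next to the flawed check. `USERS`, `TokenStore`, `may_open_admin_panel` and the sample account are constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed sample account (user id 2, as in the thread); the password is made up.
USERS = {2: {"is_admin": True, "pw_md5": hashlib.md5(b"constructed-password").hexdigest()}}

def weak_autologin(cookie):
    """Flawed model: autologinid is compared with the stored password MD5,
    so anyone who learns that hash can log in without ever cracking it."""
    user = USERS.get(int(cookie["userid"]))
    return user is not None and hmac.compare_digest(cookie["autologinid"], user["pw_md5"])

class TokenStore:
    """Hardened model: a random token per login, only its SHA-256 kept server-side."""
    def __init__(self):
        self._keys = {}  # sha256(token) -> user id

    def issue(self, user_id):
        token = secrets.token_hex(32)
        self._keys[hashlib.sha256(token.encode()).hexdigest()] = user_id
        return token  # goes into the cookie; unrelated to the password

    def verify(self, user_id, token):
        digest = hashlib.sha256(token.encode()).hexdigest()
        return self._keys.get(digest) == user_id

    def revoke_user(self, user_id):
        """Call on password change or suspected cookie theft."""
        self._keys = {d: u for d, u in self._keys.items() if u != user_id}

def may_open_admin_panel(session):
    """An autologin session alone never reaches the admin panel;
    a fresh password entry must have set 'reauthenticated'."""
    return bool(session.get("is_admin")) and bool(session.get("reauthenticated"))
```

With the token scheme, a disclosed password hash is useless as a cookie value, and a stolen token stops working as soon as `revoke_user` runs.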

Posted: Thu Apr 06, 2006 1:46 am
Aryan-Husky
Active user
Joined: Apr 03, 2006
Posts: 37

naragorn wrote:
> what do u mean??
> U mean u logged in as admin, but u cant access to the admin panel cuz u have to login again??
> If thats so, what version of phpbb is that??
> Cuz i have used that technique on 2.0.16 and it works fine, i can access to admin panel, no verification needed
> I havent run into that

Thanks again naragorn,
Yes thats exactly it, I logged in as Admin but I have to enter my password again to log in as admin in Admin Panel.
Believe it or not this site is actually running phpBB 2.0.15
If you would like to help me out I could give you the admin details and site info and so on in a PM if interested!
I'd be grateful for your help,
Thanks.

Posted: Thu Apr 06, 2006 1:48 am
Aryan-Husky
Active user
Joined: Apr 03, 2006
Posts: 37

mobettahformeright drop me a PM and I'll try to talk you through it. Make sure your target forum is phpbb 2.0.16 <=

Posted: Thu Apr 06, 2006 2:13 pm
sljyro
Advanced user
Joined: Mar 23, 2006
Posts: 53

hi,
im logged in as admin after doing a cookie exploit. the problem i am having is to go to the admin panel i need to re authenticate the password. this is a 2.0.15 phpBB version as well.
any help appreciated,
SL jyro

Posted: Thu Apr 06, 2006 5:18 pm
Aryan-Husky
Active user
Joined: Apr 03, 2006
Posts: 37

Same problem as myself, hopefully somebody can help.

Posted: Thu Apr 06, 2006 9:04 pm
naragorn
Regular user
Joined: Apr 03, 2006
Posts: 10

ok send a pm with the info, ill try to help, but b4 that, is it 2.0.15?? as far as i remember that one has a lot of bugs, most important one is remote command execution, have u tried those??

Posted: Fri Apr 07, 2006 12:08 am
sljyro
Advanced user
Joined: Mar 23, 2006
Posts: 53

thanks but i got another admin in the trap, password was a mediocre '1'. when will people learn
cheers anyway,
sljyro

All times are GMT
Page 1 of 2