Waraxe IT Security Portal
phpBB 2.0.19
Posted: Wed Sep 05, 2007 8:23 pm
Regular user
Joined: Sep 05, 2007
Posts: 5

I've googled and read through most of these topics and tried a few cookie changes etc., but I can't seem to bypass the login page. I am reading through the source code and am new to PHP (only proficient in .NET and HTML).

I know how to write SQL but don't know where to execute the statements besides the userid and psswd boxes (which have been of no use).
Are the inputs being sanitized?

A link or a push in the right direction would be appreciated.

Posted: Thu Sep 06, 2007 2:34 pm
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

phpBB 2.0.19 is written with security in mind and I don't know any serious SQL injection exploits against it. Maybe there are some insecure MODs in the target installation, which can offer security holes :)

Posted: Thu Sep 06, 2007 5:59 pm
Regular user
Joined: Sep 05, 2007
Posts: 5

Darn! Ok Thanks.

I would like to host the site (a raw phpBB 2.0.19) on my machine and try to kind of run it in debug, to at least follow along to get my own understanding of what it's doing. What would be the best program or IDE for this? I downloaded Dreamweaver but I am still getting used to it and the fan in my computer goes insane every time I open it.

Posted: Fri Sep 07, 2007 5:15 pm
Joined: Dec 01, 2004
Posts: 181
Location: Cyprus

itsnotatumor wrote:
Darn! Ok Thanks.

I would like to host the site (a raw phpBB 2.0.19) on my machine and try to kind of run it in debug, to at least follow along to get my own understanding of what it's doing. What would be the best program or IDE for this? I downloaded Dreamweaver but I am still getting used to it and the fan in my computer goes insane every time I open it.

What you actually need is a standalone server .. I guess you are using Windows, right?

Instead of installing anything like php mysql apache etc it is better to use Xampp ... from

It has everything you need for installing phpbb locally and test it if you want.

But on the other hand .. I see that you are a bit confused on basic things like using Dreamweaver to install phpBB ?!?!@#? And when you use it .. the fan in your computer goes crazy?

so to start from somewhere ..

install xampp ..
then read how to install phpbb locally.
then play with phpbb on your computer ..

i suggest you to use a simple editor for your tests instead of using dreamweaver. like notepad++

who|grep -i blonde|talk; cd~;wine;talk;touch;unzip;touch; strip;gasp;finger;gasp;mount; fsck; more; yes; gasp; umount; make clean; sleep;wakeup;goto http://www.md5this.com

Posted: Fri Sep 07, 2007 5:32 pm
Regular user
Joined: Sep 05, 2007
Posts: 5

Will do, thanks! Yeah, Dreamweaver makes my box start buzzing. lol! This is my first attempt at anything bigger than malicious HTML and JavaScript so I appreciate the help, fellas!

Posted: Fri Sep 07, 2007 7:42 pm
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

I am using Dreamweaver 2004 on my home computer and it is useful when analyzing a 5000-line PHP script :)
Yes, it is resource hungry :)
I am sure that there are good open-source and free PHP IDEs, I just don't have time to look for them. :lol:

Posted: Fri Sep 07, 2007 8:58 pm
Joined: Dec 01, 2004
Posts: 181
Location: Cyprus

waraxe wrote:
I am using Dreamweaver 2004 on my home computer and it is useful when analyzing a 5000-line PHP script :)
Yes, it is resource hungry :)
I am sure that there are good open-source and free PHP IDEs, I just don't have time to look for them. :lol:

Notepad++ !!! Support open source and free software :) Those that are given to us for free and we don't have to "buy" them :)

Posted: Sat Sep 08, 2007 7:14 pm
Regular user
Joined: Sep 05, 2007
Posts: 5

I just really really want to view some freakin topics. I don't even want to mess them up... just read the dang topics. There has got to be a way around this junk... There always is.

Posted: Sat Sep 08, 2007 7:59 pm
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu

itsnotatumor wrote:
I just really really want to view some freakin topics. I don't even want to mess them up... just read the dang topics. There has got to be a way around this junk... There always is.

Still, phpBB 2.0.19 is a hard target. But there are other attack possibilities.
For example - if that website is using virtual hosting and many domains are pointed to the same physical server, then you have a chance to compromise some other website on that shared server and then use it to attack the main target.
Here is what you can do:

1. Find your target webserver's IP address.
2. Use MSN to reveal co-located websites.

Random example:

We are interested in http://www.car-vs-car.de/forum/
So domain is: www.car-vs-car.de

IP address:

Let's try IP:

Oops, 403 forbidden. So it seems to be shared hosting.
Now let's use msn:


And we get 2 more websites on that server:


There are better tools to search for co-located websites than MSN, so be creative :)

Posted: Wed Sep 12, 2007 4:37 pm
Regular user
Joined: Sep 05, 2007
Posts: 5

I had done that before and gotten the IP address of their server, but I didn't know what to do with it. Thanks again for another step in the right direction. I'll see what some of my friends and I can pool together.
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"