|
|
|
|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 78
Members: 0
Total: 78
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
[Hack] phpBB 2.0.18 |
|
Posted: Mon Jan 07, 2008 7:38 pm |
|
|
Veritas |
Beginner |
|
|
Joined: Jan 07, 2008 |
Posts: 2 |
|
|
|
|
|
|
|
Hi,
I'd like to hack a phpBB forum whom I found out the version : 2.0.18
The HTML is authorized. However, the cookie stealer never works. I made several tests and it just takes the hour and the IP, never the SID or anything else !
So, I have two questions :
- How can I hack a phpBB 2.0.18 forum without using a cookie stealer (cuz this stuff doesn't work anymore) ?
- Can I find a SID without the cookie stealer ?
Thx by advance |
|
|
|
|
Posted: Tue Jan 08, 2008 7:41 pm |
|
|
int |
Regular user |
|
|
Joined: Aug 13, 2007 |
Posts: 12 |
|
|
|
|
|
|
|
Hi and welcome !
Have you tried the other exploit on the forum (I mean the remote bruteforce one available on milw0rm).
You pretty much can`t do anything if these don`t work., except keylog the admin`s password or idk... try to find another vulnerable php application on the server.
Ow.. I`d be curious if an `XSS In Picture` method would work.. never tried :/ |
|
|
|
|
Posted: Tue Jan 08, 2008 9:07 pm |
|
|
Veritas |
Beginner |
|
|
Joined: Jan 07, 2008 |
Posts: 2 |
|
|
|
|
|
|
|
The bruteforce sploit works, but it's sooooooooooo sloooooooooooow |
|
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|
|