Waraxe IT Security Portal
Login or Register
December 23, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 88
Members: 0
Total: 88
Full disclosure
CyberDanube Security Research 20241219-0 | Authenticated Remote Code Execution in Ewon Flexy 205
Stored XSS with Filter Bypass - blogenginev3.3.8
[SYSS-2024-085]: Broadcom CA Client Automation - Improper Privilege Management (CWE-269)
[KIS-2024-07] GFI Kerio Control <= 9.4.5 Multiple HTTP Response Splitting Vulnerabilities
RansomLordNG - anti-ransomware exploit tool
APPLE-SA-12-11-2024-9 Safari 18.2
APPLE-SA-12-11-2024-8 visionOS 2.2
APPLE-SA-12-11-2024-7 tvOS 18.2
APPLE-SA-12-11-2024-6 watchOS 11.2
APPLE-SA-12-11-2024-5 macOS Ventura 13.7.2
APPLE-SA-12-11-2024-4 macOS Sonoma 14.7.2
APPLE-SA-12-11-2024-3 macOS Sequoia 15.2
APPLE-SA-12-11-2024-2 iPadOS 17.7.3
APPLE-SA-12-11-2024-1 iOS 18.2 and iPadOS 18.2
SEC Consult SA-20241211-0 :: Reflected Cross-Site Scripting in Numerix License Server Administration System Login
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> PhpBB -> how to hack phpBB 2.0.4 ?
Post new topicReply to topic View previous topic :: View next topic
how to hack phpBB 2.0.4 ?
PostPosted: Tue Oct 04, 2005 1:23 pm Reply with quote
showie
Beginner
Beginner
Joined: Oct 04, 2005
Posts: 1




Can some explain me how i hack a phpbb 2.0.4 forum ?

tnx Wink
View user's profile Send private message
PostPosted: Tue Oct 04, 2005 4:25 pm Reply with quote
g30rg3_x
Active user
Active user
Joined: Jan 23, 2005
Posts: 31
Location: OutSide Of The PE




sorry to be rude...

but there is a lot of exploits with a Proof-of-concept, because that version is very old (today is launched the version 2.0.17)...

some of most know is the highlight vuln and his renoved version, there is xss with ie6, bypass technique for getting admin acces and in phpBB 2.0.8 a SQL-Injection...

some are here in waraxe an others are not...

phpBB List of Vulns since 2.0.4:
(in order of recently launched)

phpBB <= 2.0.16 XSS Remote Cookie Disclosure Exploit
http://www.waraxe.us/ftopict-890.html
http://www.milw0rm.com/id.php?id=1103
http://www.milw0rm.com/id.php?id=1095

phpBB 2.0.15 (highlight) Remote PHP Code Execution
http://www.waraxe.us/ftopict-883.html
http://www.waraxe.us/ftopict-873.html
http://www.waraxe.us/ftopict-872.html
http://www.securitytracker.com/id?1014320
http://www.frsirt.com/exploits/20050701.phpbb2015.py.php
http://www.milw0rm.com/id.php?id=1080
http://www.milw0rm.com/id.php?id=1076

phpBB <= 2.0.15 Register Multiple Users Denial of Service
http://www.waraxe.us/ftopict-855.html
http://www.milw0rm.com/id.php?id=1064
http://www.milw0rm.com/id.php?id=1063

phpBB <= 2.0.12 Change User Rights Authentication Bypass
http://securitytracker.com/alerts/2005/Mar/1013375.html
http://www.milw0rm.com/id.php?id=897
http://www.milw0rm.com/id.php?id=889
http://www.milw0rm.com/id.php?id=871
http://www.milw0rm.com/id.php?id=858

phpBB <= 2.0.10 Remote Command Execution Exploit
http://www.milw0rm.com/id.php?id=647
http://www.milw0rm.com/id.php?id=673

phpBB <= 2.0.8 XSS and full path disclosure
http://www.waraxe.us/content-34.html

phpBB <= 2.0.8 Critical sql injection
http://www.waraxe.us/content-13.html

phpBB 2.0.6c Non-critical Sql injection and XSS
http://www.waraxe.us/content-9.html

phpBB 2.0.6 search_id sql injection MD5 Hash Remote Exploit
http://www.milw0rm.com/id.php?id=137

phpBB 2.0.5 SQL Injection password disclosure Exploit
http://www.milw0rm.com/id.php?id=44

phpBB 2.0.4 Remote php File Include Exploit
http://www.milw0rm.com/id.php?id=47


so as you see there is A LOT of bugs in phpBB since the 2.0.4 and there is very easy to hack a forum with that version of phpBB, just you have to test any and use that information to "hack" that version...

as a recommendation, i suggest to take a while for read some of the post that you look interesting for your needs, some of this exploits has been talked on the forum and the most common question are answered...

if you have another question just type here and anybody can help you..

greetings from mexico
View user's profile Send private message Send e-mail Visit poster's website MSN Messenger
PostPosted: Thu Jan 05, 2006 5:42 am Reply with quote
chuan
Regular user
Regular user
Joined: Jan 05, 2006
Posts: 7




how to go about doing phpBB 2.0.6c Non-critical Sql injection and XSS?it makes me confused seeing all those programming language as i'am a newbie. Crying or Very sad
View user's profile Send private message
PostPosted: Sun Feb 19, 2006 4:27 pm Reply with quote
aicou
Beginner
Beginner
Joined: Feb 19, 2006
Posts: 1




hi
i'm a noob and i want to got a premium acount on this forum : http://xxx.xxxxxxxxxxxxxxx.xxx/xxxxxx/

could someone explain me ?
View user's profile Send private message
PostPosted: Mon Feb 20, 2006 11:42 am Reply with quote
shai-tan
Valuable expert
Valuable expert
Joined: Feb 22, 2005
Posts: 477




Please read the rules no posting of URLs in the forum.


Shai-tan

_________________
Shai-tan

?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
View user's profile Send private message
PostPosted: Thu Mar 02, 2006 9:58 am Reply with quote
ianmac
Regular user
Regular user
Joined: Feb 26, 2006
Posts: 6




I can't find the rules anywhere. It's hard to obey rules you can't find.
View user's profile Send private message
PostPosted: Thu Mar 02, 2006 11:26 pm Reply with quote
shai-tan
Valuable expert
Valuable expert
Joined: Feb 22, 2005
Posts: 477




Try looking in the General Forum where most people would..... there is a post called THE FORUM RULES.

_________________
Shai-tan

?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds
View user's profile Send private message
Re: how to hack phpBB 2.0.4 ?
PostPosted: Tue Jun 06, 2006 5:49 pm Reply with quote
Cumulus
Beginner
Beginner
Joined: Jun 06, 2006
Posts: 2
Location: Bangkok




showie wrote:
Can some explain me how i hack a phpbb 2.0.4 forum ?

tnx Wink


FUCK YOU!!! Twisted Evil
View user's profile Send private message
Re: how to hack phpBB 2.0.4 ?
PostPosted: Wed Jun 07, 2006 8:50 pm Reply with quote
Cumulus
Beginner
Beginner
Joined: Jun 06, 2006
Posts: 2
Location: Bangkok




showie wrote:
Can some explain me how i hack a phpbb 2.0.4 forum ?

tnx Wink


Skriv Norsk - vi vet hvem du er!
View user's profile Send private message
PostPosted: Sat Nov 10, 2007 9:45 pm Reply with quote
spearman
Beginner
Beginner
Joined: Nov 10, 2007
Posts: 1




Hi,

I need readaccess on a forum. Not sure exactly which version it is either (is there a way to check that btw?).
I do not have a user there and I can't access any files there or anything.
I don't understand enough of those hacks to even know for sure where to begin.
I have no knowledge of phpBB codes or SQL-structure.

Where would it be best to start and what to do first? I have moderate skills in PHP and MySQL, but no skills in anything else.
Any help would be appreciated Smile

-SpearMan
View user's profile Send private message
PostPosted: Sun Jul 20, 2008 9:04 pm Reply with quote
lady
Beginner
Beginner
Joined: Jul 20, 2008
Posts: 1




Invision Power Board v2.0.4

can anybody help to find out the password of the admin...I can give the rapidshare account olmost 3 month. Forum is russian, i need only password (admins), please,please somebody...I just want close my post....
other details all tell in privet messages please

sorry , my english bad....

waiting for somebody Shocked
View user's profile Send private message
how to hack phpBB 2.0.4 ?
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.106 Seconds