Waraxe IT Security Portal
Login or Register
November 24, 2024
Menu
Home
Logout
Discussions
Forums
Members List
IRC chat
Tools
Base64 coder
MD5 hash
CRC32 checksum
ROT13 coder
SHA-1 hash
URL-decoder
Sql Char Encoder
Affiliates
y3dips ITsec
Md5 Cracker
User Manuals
AlbumNow
Content
Content
Sections
FAQ
Top
Info
Feedback
Recommend Us
Search
Journal
Your Account
User Info
Welcome, Anonymous
Nickname
Password
(Register)

Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144

People Online:
Visitors: 45
Members: 0
Total: 45
Full disclosure
APPLE-SA-11-19-2024-5 macOS Sequoia 15.1.1
Local Privilege Escalations in needrestart
APPLE-SA-11-19-2024-4 iOS 17.7.2 and iPadOS 17.7.2
APPLE-SA-11-19-2024-3 iOS 18.1.1 and iPadOS 18.1.1
APPLE-SA-11-19-2024-2 visionOS 2.1.1
APPLE-SA-11-19-2024-1 Safari 18.1.1
Reflected XSS - fronsetiav1.1
XXE OOB - fronsetiav1.1
St. Poelten UAS | Path Traversal in Korenix JetPort 5601
St. Poelten UAS | Multiple Stored Cross-Site Scripting in SEH utnserver Pro
Apple web content filter bypass allows unrestricted access to blocked content (macOS/iOS/iPadOS/visionO S/watchOS)
SEC Consult SA-20241112-0 :: Multiple vulnerabilities in Siemens Energy Omnivise T3000 (CVE-2024-38876, CVE-2024-38877, CVE-2024-38878, CVE-2024-38879)
Security issue in the TX Text Control .NET Server for ASP.NET.
SEC Consult SA-20241107-0 :: Multiple Vulnerabilities in HASOMED Elefant and Elefant Software Updater
Unsafe eval() in TestRail CLI
Log in Register Forum FAQ Memberlist Search
IT Security and Insecurity Portal

www.waraxe.us Forum Index -> Newbies corner -> SMF exploit problem to start !
Post new topicReply to topic View previous topic :: View next topic
SMF exploit problem to start !
PostPosted: Sun Jun 15, 2008 9:52 pm Reply with quote
France
Regular user
Regular user
Joined: May 14, 2008
Posts: 10




Hi there is one new exploit for SMF but i don't know how to use it.You can see here :

Code:
http://www.devside.net/blog/smf-exploit-like-phpbb-hack


One good tut will be nice.This was writen for Linux user but i don't use Linux ! Embarassed
View user's profile Send private message
PostPosted: Mon Jun 16, 2008 1:10 am Reply with quote
gibbocool
Advanced user
Advanced user
Joined: Jan 22, 2008
Posts: 208




That isnt an advisory, it's just someone writing about how their forum got hacked. Use milw0rm to find real hacks. But this is your lucky day! There was one released just yesterday for SMF <=1.1.4. http://milw0rm.com/exploits/5826

If the exploit runs succesfully but you are not admin, then this is because register_globals is OFF on the target server.

_________________
http://www.gibbocool.com
View user's profile Send private message Visit poster's website
PostPosted: Mon Jun 16, 2008 4:27 am Reply with quote
France
Regular user
Regular user
Joined: May 14, 2008
Posts: 10




Thank you !
View user's profile Send private message
PostPosted: Tue Jun 17, 2008 7:23 am Reply with quote
tinman
Active user
Active user
Joined: May 11, 2008
Posts: 37




I've had a play with this but a lack of documentation does not help. What I get with it (target is smf 1.1.4) is this:

[.] Exploit Starts.
[+] Trying to read Sesc
[-] Unable to find Sesc

I've tried using a registered user id and the session ID from Live HTTP headers being logged in as that user - but that may be the wrong way of doing it.

Any ideas?
View user's profile Send private message
PostPosted: Tue Jun 17, 2008 8:02 am Reply with quote
y3dips
Valuable expert
Valuable expert
Joined: Feb 25, 2005
Posts: 281
Location: Indonesia




knock..knock,
is just because its already patched ? Rolling Eyes

_________________
IO::y3dips->new(http://clog.ammar.web.id);
View user's profile Send private message Visit poster's website Yahoo Messenger
PostPosted: Tue Jun 17, 2008 8:52 am Reply with quote
tinman
Active user
Active user
Joined: May 11, 2008
Posts: 37




Thanks anyway!
View user's profile Send private message
PostPosted: Tue Jun 17, 2008 11:00 am Reply with quote
gibbocool
Advanced user
Advanced user
Joined: Jan 22, 2008
Posts: 208




tinman wrote:
I've had a play with this but a lack of documentation does not help. What I get with it (target is smf 1.1.4) is this:

[.] Exploit Starts.
[+] Trying to read Sesc
[-] Unable to find Sesc

I've tried using a registered user id and the session ID from Live HTTP headers being logged in as that user - but that may be the wrong way of doing it.

Any ideas?

It's unlikely it's patched. I had a good play too, and got it to work on my own site as well as compromising another site Laughing

Basically it's the PHPSESSID cookie that you need. So dont use the headers, just get a cookie editor and find the PHPSESSID for that site. You also need to login with your own account before hand.

_________________
http://www.gibbocool.com
View user's profile Send private message Visit poster's website
PostPosted: Tue Jun 17, 2008 11:53 am Reply with quote
tinman
Active user
Active user
Joined: May 11, 2008
Posts: 37




I got the session ID from 'live http headers' in firefox. I cut/paste it from the cookie section:

Code:
Cookie: __utmz=61161705.1212840634.1.1.utmccn=(direct)|utmcsr=(direct)|utmcmd=(none); __utma=61161705.153459717.1212840634.1213630953.1213686234.6; SMFCookie10=a%3A4%3A%7Bi%3A0%3Bs%3A3%3A%22985%22%3Bi%3A1%3Bs%3A40%3A%2214af95972fdc6cac5399ca59d9b48b434cf2ced5%22%3Bi%3A2%3Bi%3A1402057777%3Bi%3A3%3Bi%3A0%3B%7D; _c=y; __utmc=61161705; PHPSESSID=947e68b5215e1529641bd73a8c6951f7


Specifically the PHPSESSID:
Code:
947e68b5215e1529641bd73a8c6951f7


I tried it with the admin user ID number and my own user ID number with the above session ID - but they are no go. The board shows 1.1.4. on the footer
View user's profile Send private message
PostPosted: Tue Jun 17, 2008 11:49 pm Reply with quote
gibbocool
Advanced user
Advanced user
Joined: Jan 22, 2008
Posts: 208




Strange, try delete the cookie. It will only work on your account btw, because it's your session.

_________________
http://www.gibbocool.com
View user's profile Send private message Visit poster's website
SMF exploit problem to start !
www.waraxe.us Forum Index -> Newbies corner
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
All times are GMT
Page 1 of 1

Post new topicReply to topic


Powered by phpBB © 2001-2008 phpBB Group



Space Raider game for Android, free download - Space Raider gameplay video - Zone Raider mobile games
All logos and trademarks in this site are property of their respective owner. The comments and posts are property of their posters, all the rest (c) 2004-2024 Janek Vind "waraxe"
Page Generation: 0.046 Seconds