Solar

Mar 17 2005, 11:52 PM

Recently, an exploit has been found out that allows people to use their cookies to gain access to the ACP. And Firefox assists with it ! Basically what happens that is when you visitthe phpBB forum, it logs a cookie containing your Session ID (Basically who and when you are). What it does, after much decoding and encoding, is allows you to replace your SID with the admin's, thus enabling them to gain access. To fix this, upgrade to the latest version of phpBB, 2.0.13. Dun dun dunnnnn! Beware

Reply

Solar

Mar 18 2005, 02:04 AM

Exactly.

I've been going arond and warning people, just because I'm so nice *cough cough*

Reply

Solar

Mar 18 2005, 02:29 AM

Oh...



Link please?

Reply

Latest Entries

GMTech

Apr 4 2005, 04:28 AM

QUOTE

If you install the security mod for PHPBB, even if you used versions later than 2.0.11, that MOD still blocks those security exploits.

Really? That is cool, can you point me to where I can find this modification?
I'll see if I can find it at phpbbhacks.com...

Reply

karlo

Apr 3 2005, 09:09 AM

If you install the security mod for PHPBB, even if you used versions later than 2.0.11, that MOD still blocks those security exploits.

Reply

guangdian

Apr 3 2005, 06:44 AM

I ; m not sure I wanna asked again Do Php BB haz got the newest verison to evoid Exploit.?any one know it just reply there.

Reply

Trekkie101

Apr 2 2005, 12:27 AM

yeah, pretty much public knowledge anyway.

Theres a phpBB bug that can let you in ACP

theres a a bug in awstats that was used against the phpBB site not forums killed the server.

Reply

GuySpook

Apr 1 2005, 11:43 PM

Sounds bad i also heard there was a exploit on phpbb that would allow u to get in to ACP and the phpbb website via AWStats if anyone has info on these pls let me know:D
GuySpook

Reply

1. fix exploit-phpbb.b - 194.00 hr back. (1)
2. 2001 phpbb exploit - 513.35 hr back. (1)
3. exploit-phpbb.b - 274.23 hr back. (2)

1. Another New Exploit And One A Few Weeks Ago, We Are All At Risk From These

   A DNS exploit and a clipboard expload believe it or not! (0)

2. Hackers Hijack A Half-million Sites: Phpbb Forum Users Must Read

   (8)

   Since January, hackers have hit hit over 500,000 website, with everything you could possible
   imagine; viruses, trojans, malware etc etc. As for the types of websites, sadly to say, these
   websites who are getting hit are running PHPBB forum and the worse part is htey don't mention
   which version of the phpbb forums are getting hack. So it is safe to say any version below 3.0 is
   hackable and maybe even 3.0 itself. As for some of the stuff that is being transmitted are old and
   new, but one trojan has been identified and it is the Zlob Trojan or rather variations to th....

3. Is There An Exploit In Vista Home Premium To Make Firefox Permanant Default Browser?

   (4)

   I just got a new laptop, and of course it's loaded with vista. Everything works awesomly!
   (my last PC was from 2001, BIG DIFF.) But the damned thing compulsivly and automatically sets
   Internet Explorer to my default browser and won't let me change certain things which browsers
   will typically handle. 've manually changed it so Firefox handles all the stuff except HTTPS
   and what not (CANNOT CHANGE W/O HACK!), but IE just bumps in every time I want to click a link
   from a non-browser based file /sad.gif" style="vertical-align:middle" emoid=":(" border="....

4. Quicktime Zero Day Exploit News And Updates

   (1)

   On monday it was reported that Quicktime 7.2 and 7.3 versions come with a new exploit in which
   malware could on to a person's computer through streaming videos. They only mention that XP and
   Vista are the only affect systems and no word came about on the Mac operating system. They mention
   that a buffer overflow bug was made in which it "contains a stack buffer overflow vulnerability in
   the way Quicktime handles the RTSP Content-Type header." For those who don't know what RTSP is,
   RTSP is the Real-Time Streaming Protocol which apple uses for its QuickTime softw....

5. Zero-day Firefox Exploit

   (5)

   Link to Article: http://news.com.com/Hackers+claim+zero-day..._3-6121608.html Thought this was
   interesting. Really caught me offgaurd, didn't expect such a huge flaw on a GPL based program.
   Whats even more scary is they said they have about 30 other flaws found.......

6. Cpanel Exploit

   security hole in cPanel to hack the servers of a hosting company (8)

   A pair days ago I read this new on Slashdot: cPanel Exploit Used to Circulate IE Exploit
   QUOTE "In a dangerous combination of unpatched exploits, hackers have used a previously
   undiscovered security hole in cPanel to hack the servers of a hosting company and use hundreds of
   hijacked sites to infect Internet Explorer users with malware using the unpatched VML exploit.
   cPanel, whose hosting automation software is used by many large hosting companies, has issued a fix.
   It's a local exploit, meaning the attacker must control a cPanel account on the target hosti....

7. Attention All Ipb Users/admin

   Important exploit discovered! (6)

   Invision Power Board v2.1.6 © 2006 IPS, Inc. This is what it is written on the bottom of the
   board. Not so long ago, i was surfing somewhere, (i wont say where) and i discovered a "sql
   injection"exploit, a perl script. QUOTE(step28 in the hack) 28. Reload and click on the
   username to the admin. You are now logged in as an ADMIN!!! Admins, pm to receive
   the link where i found this. with this hack, you can log in with any user without his pass.
   It's really easy to do, you just need PERL, Opera webbrowser and 3 minutes fo your life... ....

8. Windows Xp Pro Exploit: Permission Setup Allows Access To Task Manager During Login

   even if permissions deny this abiltity. (1)

   A friend of mine was temporarily banned from the computers at my school a while ago after he
   accidentially found a way into Task Manager, which is disabled on our network. He has had his
   permissions restored now, but has no idea why he got banned in the first place. However, recently he
   explained what he did to me, and I tested it. I soon found out that, by accident, we had both
   discovered that there is a Security Exploit in networking Windows XP Professional. The exploit is
   to do with network permissions. Windows XP recieves the permission data from the network as soon....

9. Firefox Exploit

   (0)

   QUOTE Earlier this week, I blogged about a site doing a bunch of different exploits, depending
   on what you are running. One of the things the site will do is detect if you have Firefox, and
   attempt to exploit it, using the InstallVersion.compareTo() vulnerability. Read More with
   images Already found to be copying and pasting. Take this time to review our forum rules. Warning.
   ....

10. Serious Wmf Windows Exploit

    No-one is safe right now (16)

    This has blown up big time in the last 3 days: http://www.f-secure.com/weblog/ ....

11. Latest Ie Exploit

    does anyone still use this browser? (10)

    For Internet Explorer users, please note that there is a new exploit in the wild that is capable of
    compromising a fully patched and updated WinXP machine:
    http://www.eweek.com/article2/0,1759,18917...3119TX1K0000594 Microsoft has not released a fix yet.
    From the article: QUOTE IE users should immediately disable Active Scripting via the Tools >
    Internet Options > Security tab > Custom Level feature. Firefox and other alternative web
    browsers are not affected. You would have to be tricked into going to a malicious website to have
    any chance of being affecte....

12. Phpbb 2.0.18

    Released on the 31st (12)

    To anyone out there using phpBB, the next release has been sent out. Report:
    http://www.phpbb.com/phpBB/viewtopic.php?f=14&t=336756 Download:
    http://www.phpbb.com/downloads.php Additional Download for the Changed Files Only:
    http://www.phpbb.com/files/releases/change...8_repackage.zip I found an error! One of the
    reports was made by myself. Even though it was not a bug, it was about the cosmetic display on the
    index page concerning the subSilver template. As people may have noticed, the ''Mark all
    forums read'' is displayed before you even....

13. [exploit] Phpbb <=2.0.12 Vulnerability.

    How to be Admin on phpBB in Simple steps (2)

    Another vulnerability in PHPbb based forums that can be used to easily gain any user level access to
    the forum. Even the admin account is not not secure with the default setup. Click Here for more
    details about -"How to be Admin on phpBB in Simple steps!" And here is the Homepage of
    PHPbb and click here to download the latest version.....

14. Online Scams Exploit Katrina Disaster

    (10)

    In the wake of hurricane Katrina, several online scams have begun to circulate the Internet,
    according to several security firms. Sophos warned users on Thursday not to open a malware-Infected
    e-mail posing as news on the disaster. Possible subject lines of the e-mail could be QUOTE
    "Re: g8 Tropical storm flooded New Orleans", "Re: g7 80 percent of our city underwater", and "Re:
    q1 Katrina killed as many as 80 people". The group said there could be additional variants.
    BetaNews on Thursday morning had received a variant of the above e-mails, however it app....

15. [exploit] Cpanel Versions Below And Equal To 9x

    (7)

    Exploit for cPanel versions below and equal to 9x that takes advantage of a remote command execution
    vulnerability. /* cPanel */ //headers #include //In/Out #include //sockets functions
    #include //memory functions #include //strlen,strcat,strcpy #pragma comment(lib,"ws2_32.lib")
    //for compile with dev-c++ link to "libws2_32.lib" #define Port 2082 //port for connect to cPanel
    #define SIZE 1024 //buffer size to receive the data /*connect host:port*/ SOCKET Conecta(char
    *Host, short puerto) { /*struct for make the socket*/ WSADATA wsaData; SOCKET Winsock;//l....

16. [exploit] Microsoft Server Message Block

    (SMB) Remote Exploit (MS05-011) (0)

    Microsoft Server Message Block (SMB) Remote Exploit (MS05-011) /* * Windows SMB Client
    Transaction Response Handling * * MS05-011 * CAN-2005-0045 * * This works against Win2k * *
    cybertronic gmx net * http://www.livejournal.com/users/cybertronic/ * * usage: * gcc -o mssmb_poc
    mssmb_poc.c * ./mssmb_poc * * connect via \\ip * and hit the netbios folder! * *
    ***STOP: 0x00000050 (0xF115B000,0x00000001,0xFAF24690, * 0x00000000) * PAGE_FAULT_IN_NONPAGED_AREA *
    * The Client reboots immediately * * Technical Details: * ----------------- * * The driver MRXSMB.S....

17. [exploit] Microsoft Internet Explorer Com Objects

    File Download Exploit (MS05-038) (0)

    Microsoft Internet Explorer COM Objects File Download Exploit (MS05-038)
    /*+++++++++++++++++++++++++++++++++++++++++++++++ Ms05 038 exploit POC Write By ZwelL 2005 8 11
    http://www.donews.net/zwell zwell@sohu.com Some code belongs to Lion(cnhonker), regards to him.
    This code tested on Windows 2003 -----------------------------------------------*/ #include
    #include #pragma comment(lib, "ws2_32") // Use for find the ASM code #define PROC_BEGIN __asm
    _emit 0x90 __asm _emit 0x90\ __asm _emit 0x90 __asm _emit 0x90\ __asm _emit 0x90 __asm
    _emit 0x90\....

18. [exploit] Phpbb 2.0.15 "viewtopic.php"

    Remote PHP Code Execution Exploit (3)

    phpBB 2.0.15 "viewtopic.php" Remote PHP Code Execution Exploit #!/usr/bin/pyth0n print
    "\nphpBB 2.0.15 arbitrary command execution eXploit" print " 2005 by rattle@awarenetwork.org"
    print " well, just because there is none." import sys from urllib2 import Request, urlopen from
    urlparse import urlparse, urlunparse from urllib import quote as quote_plus INITTAG = ' '
    ENDTAG = ' ' def makecmd(cmd): return reduce(lambda x,y: x+'.chr(%d)'%ord(y),cmd
    ,'chr(%d)'%ord(cmd )) _ex = "%sviewtopic.php?t=%s&highlight=%%27." _ex += ....

19. [exploit] Microsoft Windows 2000 Plug And Play

    Universal Exploit (0)

    Microsoft Windows 2000 Plug and Play Universal Remote Exploit (MS05-039) /* Windows 2000
    universal exploit for MS05-039 -\x6d\x35\x6c\x30\x6e\x6e\x79- */
    #include #include #include #include #include #include #include #pragma comment(lib,
    "mpr") #pragma comment(lib, "Rpcrt4") BYTE Data1 =
    {0x11,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x11,0x00,0x00,0x00,
    0x52,0x00,0x4F,0x00,0x4F,0x00,0x54,0x00,0x5C,0x00,0x53,0x00,
    0x59,0x00,0x53,0x00,0x54,0x00,0x45,0x00,0x4D,0x00,0x5C,0x00,
    0x30,0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x00,0x0....

20. [exploit] Microsoft Windows Remote Desktop Dos

    (0)

    Microsoft Windows Remote Desktop Protocol DoS Exploit (MS05-041) // Windows XP SP2
    'rdpwd.sys' Remote Kernel DoS // // Discovered by: // Tom Ferris // tommy
    security-protocols com // // Tested on: // Microsoft Windows XP SP2 // // Usage (SPIKE) :
    ./generic_send_tcp 192.168.1.100 3389 remoteass.spk 1 0 // // 8/9/2005 Security-Protocols.com // //
    This program is free software; you can redistribute it and/or modify it under // the terms of the
    GNU General Public License version 2, 1991 as published by // the Free Software Foundation.
    s_block_start("packet_1....

21. [exploit] Microsoft Windows 2000 Plug And Play

    (1)

    Microsoft Windows 2000 Plug and Play Universal Remote Exploit #2 (MS05-039) /*
    HOD-ms05039-pnp-expl.c: 2005-08-10: PUBLIC v.0.2 * * Copyright © 2005 houseofdabus. * * (MS05-039)
    Microsoft Windows Plug-and-Play Service Remote Overflow * Universal Exploit + no crash shellcode * *
    .:: ::. * * --------------------------------------------------------------------- * Description: * A
    remote code execution and local elevation of privilege * vulnerability exists in Plug and Play that
    could allow an * attacker who successfully exploited this vulnerability to take * complete con....

22. [exploit] Sun Solaris "printd" Daemon

    Remote Arbitrary File Deletion (0)

    ## # This file is part of the Metasploit Framework and may be redistributed # according to the
    licenses defined in the Authors field below. In the # case of an unknown or missing license, this
    file defaults to the same # license as the core Framework (dual GPLv2 and Artistic). The latest #
    version of the Framework can always be obtained from metasploit.com. ## package
    Msf::Exploit::solaris_lpd_unlink; use base "Msf::Exploit"; use IO::Socket; use IO::Select; use
    strict; use Pex::Text; my $advanced = { }; my $info = { 'Name' => 'Solaris
    LPD Arbit....

23. Ms Internet Explorer Com Objects File Dl Exploit

    (1)

    another internet explorer aecurity hole! /blink.gif' border='0' style='vertical-align:middle'
    alt='blink.gif' /> here 's the exploit : http://www.milw0rm.com/id.php?id=1148 ....

24. Microsoft Windows Plug-and-play Exploit

    (0)

    wow, you can get this famous vulnerabilty exploit here: http://www.milw0rm.com/id.php?id=1149
    have fun /smile.gif' border='0' style='vertical-align:middle' alt='smile.gif' /> ....

25. And Again A New Phpbb

    phpBB 2.0.17 (17)

    Again got me a nice email from phpBB group...: QUOTE Hi everyone, phpBB Group announces the
    release of phpBB 2.0.17, the "no, we did not forget naming it last time" release. This release
    addresses several bugfixes and some low security issues as well as the recently seemingly
    wide-spread XSS issue (only affecting Internet Explorer). Please have a look down this announcement
    for the code changes necessary to fix the XSS issue, we are again astounded about the energy people
    put into finding the smallest issue in phpBB 2.0.x, those must have a lot of time available. ....

26. Phpbb 2.0.16 Is Out!

    A new version again... (8)

    PhpBB, one of the most popular PHP based forums is here out in the form of a new version - 2.0.16. A
    few critical issues were corrected, but other than that, nothing special... Still waiting for
    Olympus /sad.gif' border='0' style='vertical-align:middle' alt='sad.gif' /> QUOTE Hi
    everyone, phpBB Group announces the release of phpBB 2.0.16. This release addresses some bugfixes
    and one critical security issue. To fix this, please apply the following change: In viewtopic.php
    Find: CODE $message = str_replace('"', '"', substr....

27. Phpbb Upload Script "up.php" Arbitrary File Upload

    (0)

    To: BugTraq Subject: phpBB Upload Script "up.php" Arbitrary File Upload Date: Apr 8 2005 2:21AM
    Author: Status-x Message-ID:
    ##################################################################### Advisory #1 "phpBB Upload
    Script "up.php" Arbitrary File Upload" $ Author: Status-x $ Contact: phr4xz gmail com -
    status-x hackersoft net $ Date: 7 April 2005 $ Website: http://defacers.com.mx $
    Original Advisory: http://www.defacers.com.mx/advisories/2.txt $ Risk: High $ Vendor
    URL: http://phpbb.com $ Affected Software: phpB....

28. Phpbb 2.0.15 Is Out!

    (15)

    phpBB 2.0.15 is out! It has a few bugfixes and improved security features. Don't wait to be
    a victim of an exploit! You can download it from here: http://www.phpbb.com/downloads.php
    Here is the notification e-mail that I have received: QUOTE("The phpBB team") Hi everyone,
    phpBB Group announces the release of phpBB 2.0.15, the "summer needs to be hot" release. This
    release addresses some bugfixes and addressing some security issues, one being serious. With this
    release the admin re-authentication security feature from phpBB Olympus has been backported....

29. Bugs Found In Phpbb 2.0.13

    PhpBB 2.0.14 released to fix them (8)

    Recently, a few exploits were made for phpBB 2.0.13 (like this one):
    http://lists.virus.org/bugtraq-0503/msg00109.html And some bugs were noticed as well (like this
    one): http://www.addict3d.org/index.php?page=vie...ecurity&ID=3563 And so, the phpBB team has
    released a new version of phpBB - 2.0.14. Here is the e-mail that I have received from their mailing
    list: QUOTE(phpBB list) Hi everyone, phpBB Group announces the release of phpBB 2.0.14, the "We
    know we are (not) furry" edition. This release addresses some bugfixes as well as fixing some minor
    non-critic....

30. Phpbb Hackers

    LOL (21)

    I got an email today: The following is an email sent to you by an administrator of "KORUPTION OWNZ
    YOUR S****Y SITE". If this message is spam, contains abusive or other comments you find offensive
    please contact the webmaster of the board at the following address: korupted@korupted.com Include
    this full email (particularly the headers). Message sent to you follows:
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Dear members. Your petty website has been hacked. The hacker's
    name is Koruption. Next time dont use a outdated verison of phpbb b***hes So im a bit pissed off
    and chec....



Looking for phpbb, exploit