phpBB 2.0.12 - Session Handling Authentication Bypass
phpBB 2.0.12 - Session Handling Authentication Bypass phpBB 2.0.12 Session Handling Authentication Bypass .. easy to use exploit .. YOU DON'T HAVE TO REGISTER AT THE VICTIM'S FORUM.. 1- Simply VISIT the forum using Mozilla Firefox.. and be sure that the cookie is made : 3- Close the Browser .. 2-...
phpBB 2.0.12 - Session Handling Authentication Bypass
phpBB 2.0.12 Session Handling Authentication Bypass .. easy to use exploit .. YOU DON'T HAVE TO REGISTER AT THE VICTIM'S FORUM.. 1- Simply VISIT the forum using Mozilla Firefox.. and be sure that the cookie is made : 3- Close the Browser .. 2- Open the cookies.txt ..located on "C:\Documents and...
phpBB <= 2.0.12 Session Handling Authentication Bypass (tutorial 2)
No description provided by source. phpBB 2.0.12 Session Handling Authentication Bypass .. easy to use exploit .. YOU DON'T HAVE TO REGISTER AT THE VICTIM'S FORUM.. 1- Simply VISIT the forum using Mozilla Firefox.. and be sure that the cookie is made : 3- Close the Browser .. 2- Open the cookies.t...
phpBB 2.0.13 - user level exploit
This one goes for all phpBB versions up to 2.0.13. While applying and testing the patch for the autologin bug I found that phpBB2 doesn't reset the $userdata'userlevel' variable after a failed autologin. This is the vulnerable code in sessions.php: if $userid != ANONYMOUS $autologinkey =...
phpBB <= 2.0.13 Multiple Vulnerabilities
According to its banner, the remote host is running a version of phpBB that suffers from multiple flaws: - A Path Disclosure Vulnerability A remote attacker can cause phpBB to reveal its installation path via a direct request to the script 'db/oracle.php'. - A Cross-Site Scripting Vulnerability T...
CVE-2005-0673
CVE-2005-0673 affects phpBB 2.0.13 via Cross-site scripting in usercp_register.php, enabling remote attackers to inject arbitrary HTML/JS by manipulating (1) allowhtml, (2) allowbbcode, or (3) allowsmilies in signatures associated with privmsg.php or viewtopic.php. Documented impact is limited to...
CVE-2005-0673
Cross-site scripting (XSS) vulnerability in usercp_register.php for phpBB 2.0.13 allows remote attackers to inject arbitrary web script or HTML by setting the (1) allowhtml, (2) allowbbcode, or (3) allowsmilies parameters to inject HTML into signatures for personal messages, possibly when they are process...
CVE-2005-0659
phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive information via a direct request to oracle.php, which reveals the path in a PHP error message...
CVE-2005-0659
CVE-2005-0659 affects phpBB 2.0.13 and earlier. A direct request to oracle.php can disclose the installation path via a PHP error message, enabling remote disclosure of sensitive information. This mode provides the vulnerability description, affected software, and the underlying cause (path discl...
phpBB < 2.0.14 Cookie Authentication Bypass and SQL Injection Vulnerabilities
Binary data 2674.prm...
phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED-
----------------------------------- phpBB 2.0.12 Session Handling Administrator Authentication Bypass EXPLOIT -SIMPLIFIED- - By PPC^Rebyte ----------------------------------- 03maa2005 NEDERLANDSE VERSIE ONDERAAN / DUTCH VERSION BELOW ENGLISH VERSION Status phpBB has already been informed about...
-==phpBB 2.0.13 Full path disclosure==-
/ -------------------------------------------------------- Neo Security Team NST® - Advisory 09 - 03/03/05 -------------------------------------------------------- Program: phpBB 2.0.13 Homepage: http://www.phpbb.com Vulnerable Versions: phpBB 2.0.13 & Lower versions Risk: Low Risk!! Impact: Full...
phpBB <= 2.0.12 Session Handling Authentication Bypass (tutorial)
No description provided by source. 1. Register at forum? 2. Log in with account + UNCHECK "Log in automatically" 3. Close browser to be sure a cookie is made. 4. Locate cookie firefox: X:\Documents and Settings\Name\Application Data\Mozilla\Firefox\Profiles\profile.default\cookies.txt -- search t...
phpBB 2.0.12 - Session Handling Authentication Bypass (tutorial)
Register at forum? 2. Log in with account + UNCHECK "Log in automatically" 3. Close browser to be sure a cookie is made. 4. Locate cookie firefox: X:\Documents and Settings\Name\Application Data\Mozilla\Firefox\Profiles\profile.default\cookies.txt -- search the .txt for the domainname domain.tld...
phpBB 2.0.12 - Session Handling Authentication Bypass (tutorial)
phpBB 2.0.12 - Session Handling Authentication Bypass tutorial 1. Register at forum? 2. Log in with account + UNCHECK "Log in automatically" 3. Close browser to be sure a cookie is made. 4. Locate cookie firefox: X:\Documents and Settings\Name\Application...
phpbb2013.txt
/ -------------------------------------------------------- Neo Security Team NST® - Advisory 08 - 29/02/05 -------------------------------------------------------- Program: phpBB 2.0.13 Homepage: http://www.phpbb.com Vulnerable Versions: phpBB 2.0.13 & Lower versions Risk: Low Risk Impact: bbcode...
CVE-2005-0614
sessions.php in phpBB 2.0.12 and earlier allows remote attackers to gain administrator privileges via the autologinid value in a cookie...
CVE-2005-0614
Affected software/component: phpBB (versions
GLSA-200503-02 : phpBB: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-200503-02 phpBB: Multiple vulnerabilities It was discovered that phpBB contains a flaw in the session handling code and a path disclosure bug. AnthraX101 discovered that phpBB allows local users to read arbitrary files, if the...
CVE-2005-0603
The CVE-2005-0603 entry concerns phpBB up to version 2.0.12 where the viewtopic.php endpoint mishandles the highlight parameter containing invalid regular expression syntax. This causes a PHP error message that reveals the installation path, constituting a path disclosure vulnerability. Affected ...