[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED-

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED-
From: Matthias <admin@xxxxxxx>
Date: Mon, 07 Mar 2005 18:21:00 +0100

Wesley aka PPC wrote:

-----------------------------------
   phpBB 2.0.12 Session Handling
   Administrator Authentication
   Bypass EXPLOIT -SIMPLIFIED-
               - By PPC^Rebyte
-----------------------------------

...

3* Preparation
______________

1. Register at forum?

2. Log in with account
   + UNCHECK "Log in automatically"

...

you do not need to register and login, if you browse on a forum
a ANONYMOUS (id=0) Session is opened and a Cookie created.

Now you must delete the phpbb2_sid cookie and write the exploit
code in the phpbb2_data cookie.

So you don't must login.

References:
- phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED-
  - From: Wesley aka PPC

Prev by Date: thoughts and a possible solution on homograph attacks
Next by Date: Gene6 FTP Server Local Privilege Escalation Vulnerability
Previous by thread: phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED-
Next by thread: LOOKNMEET HTML INJECT EXPLOIT
Index(es):
- Date
- Thread