Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED-

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED-
From: Matthias <admin@xxxxxxx>
Date: Mon, 07 Mar 2005 18:21:00 +0100
In-reply-to: <20050304203759.21332.qmail@xxxxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
References: <20050304203759.21332.qmail@xxxxxxxxxxxxxxxxxxxxx>
User-agent: Mozilla Thunderbird 1.0 (Windows/20041206)

Wesley aka PPC wrote:


-----------------------------------

   phpBB 2.0.12 Session Handling
   Administrator Authentication
   Bypass EXPLOIT -SIMPLIFIED-
               - By PPC^Rebyte

-----------------------------------

...

3* Preparation
______________

1. Register at forum?

2. Log in with account
   + UNCHECK "Log in automatically"

...

you do not need to register and login, if you browse on a forum
a ANONYMOUS (id=0) Session is opened and a Cookie created.

Now you must delete the phpbb2_sid cookie and write the exploit
code in the phpbb2_data cookie.

So you don't must login.

References:
- phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED-
  - From: Wesley aka PPC

Prev by Date: thoughts and a possible solution on homograph attacks
Next by Date: Gene6 FTP Server Local Privilege Escalation Vulnerability
Previous by thread: phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED-
Next by thread: LOOKNMEET HTML INJECT EXPLOIT
Index(es):
- Date
- Thread