<<< Date Index >>>     <<< Thread Index >>>

Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED-



Wesley aka PPC wrote:

-----------------------------------

   phpBB 2.0.12 Session Handling
   Administrator Authentication
   Bypass EXPLOIT -SIMPLIFIED-
               - By PPC^Rebyte

-----------------------------------

...
3* Preparation
______________

1. Register at forum?

2. Log in with account
   + UNCHECK "Log in automatically"

...

you do not need to register and login, if you browse on a forum
a ANONYMOUS (id=0) Session is opened and a Cookie created.

Now you must delete the phpbb2_sid cookie and write the exploit
code in the phpbb2_data cookie.

So you don't must login.