Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass Exploit

To: thephuket@xxxxxxxxxx
Subject: Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass Exploit
From: comsatcat <comsatcat@xxxxxxxxxxxxx>
Date: Mon, 07 Mar 2005 13:10:19 -0700
Cc: bugtraq@xxxxxxxxxxxxxxxxx
In-reply-to: <20050307173739.D7A6E5C0038@xxxxxxxxxxxxxxxxxxx>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm
Posted-date: Mon, 7 Mar 2005 13:10:15 -0700
References: <20050307173739.D7A6E5C0038@xxxxxxxxxxxxxxxxxxx>

On Mon, 2005-03-07 at 10:37 -0700, thephuket@xxxxxxxxxx wrote:
> Just a simple Perl Script for this exploit. 
> I hope it is usefull for some of you  
> 
> 
> ------------------------------------------------------------------------------------------------
> 
> #!/usr/bin/perl
> 
> #   phpBB 2.0.12 Session Handling Administrator Authentication
> #   Bypass EXPLOIT

Also works against 2.0.13.

References:
- phpBB 2.0.12 Session Handling Administrator Authentication Bypass Exploit
  - From: thephuket

Prev by Date: Re: Gene6 FTP Server Local Privilege Escalation Vulnerability
Next by Date: Multiples Vulnerabilities
Previous by thread: Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass Exploit
Next by thread: thoughts and a possible solution on homograph attacks
Index(es):
- Date
- Thread