Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED-

[Matthias <admin () n0ki de>]

Wesley aka PPC wrote:
> -----------------------------------
>
>    phpBB 2.0.12 Session Handling
>    Administrator Authentication
>    Bypass EXPLOIT -SIMPLIFIED-
>                - By PPC^Rebyte
>
> -----------------------------------
...
> 3* Preparation
> ______________
>
> 1. Register at forum?
>
> 2. Log in with account
>    + UNCHECK "Log in automatically"
...

you do not need to register and login, if you browse on a forum
a ANONYMOUS (id=0) Session is opened and a Cookie created.

Now you must delete the phpbb2_sid cookie and write the exploit
code in the phpbb2_data cookie.

So you don't must login.