Bugtraq mailing list archives
Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED-
From: Matthias <admin () n0ki de>
Date: Mon, 07 Mar 2005 18:21:00 +0100
Wesley aka PPC wrote:
----------------------------------- phpBB 2.0.12 Session Handling Administrator Authentication Bypass EXPLOIT -SIMPLIFIED- - By PPC^Rebyte -----------------------------------
...
3* Preparation ______________ 1. Register at forum? 2. Log in with account + UNCHECK "Log in automatically"
... you do not need to register and login, if you browse on a forum a ANONYMOUS (id=0) Session is opened and a Cookie created. Now you must delete the phpbb2_sid cookie and write the exploit code in the phpbb2_data cookie. So you don't must login.
Current thread:
- phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED- Wesley aka PPC (Mar 04)
- Re: phpBB 2.0.12 Session Handling Administrator Authentication Bypass -SIMPLIFIED- Matthias (Mar 07)