Donate to us via Paypal!
Society leans ever heavily on computers, if you have the power to take out computers you can take out society. - cubeman372
Saturday, November 28, 2020
Navigation
Home
 Find:
 Information:
Learn
Communicate
Submit
Shop
Challenges
 Exploit:
 Programming:
 Think:
 Track:
 Patch:
 Other:
 Need Help?
Other
Members Online
Total Online: 80
Guests Online: 79
Members Online: 1

Registered Members: 130552
Newest Member: Johnfoege
Latest Articles

View Thread

HellBound Hackers | Computer General | Web hacking

Author

PhpBB admin pannel vulnerability


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-05-05 17:50
Let's assume I get access to admin pannel Is it possible to upload a file to server (or insert exploit -> php code) in any part of forum or admin pannel. Hope I was clear enought. Tnx
Author

RE: PhpBB admin pannel vulnerability

Mr_Cheese
Member



Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 24-05-05 18:35
write a php upload script, then upload webadmin.

easy!


Author

RE: PhpBB admin pannel vulnerability


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-05-05 18:40
Well when you login as admin go to the general admin -> configuration -> Allowed HTML tags and there for instance put in
script or so, you know what to input Wink
then you can use those html tags in each forum post you make.

For the inputting of source maybe this way




Edited by on 24-05-05 21:25
Author

RE: PhpBB admin pannel vulnerability


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-05-05 20:30
I have still problems with it, there is no problem to write php upload script, but how can I get it to work. In configuration I can write html code, but what about php? Or is there any other option to include my upload script (with html, javascript)?
Author

RE: PhpBB admin pannel vulnerability

Mr_Cheese
Member



Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 24-05-05 21:05
we are also having the same problems.

Anarchio-Hippie and i are using the [script language="php"] to get php onto a page. However, the forum doesnt seem to like php.

We are still working on a way round this, so if we find anything, we will post it.


Author

RE: PhpBB admin pannel vulnerability


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-05-05 21:40
I read your reply on the post i made but i think i explained wrong.
the allow html commands box contains all the commands that are accepted so that you can post in a post in the forums, so by adding script to that line you can post script language in a post.
So for instance make a cookie stealer etc

Hope i explained it a little better now Wink

+ make sure to put the html code on, also something you do in the configuration menu






Edited by on 24-05-05 21:41
Author

RE: PhpBB admin pannel vulnerability


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 24-05-05 22:03
I know there is no problem to use this form for html or javascript. But I don't find any option to use php (or probably any server side languages). So if I have acess to adimin pannel, there is still no option to get acess to files on server.
If somebody find the option it would be great.
Author

RE: PhpBB admin pannel vulnerability


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-05-05 02:30
I think you would have to use webadmin and then write it in yourself. sort of like what you did with the team cheese site during webwars! Wink
Author

RE: PhpBB admin pannel vulnerability


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 25-05-05 08:26
Omni there is no problem to write an upload script (or webadmin if you like it). Problem is to put it to server, so you can use it.
Author

RE: PhpBB admin pannel vulnerability


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 30-10-06 06:23
does anyone know where to find a version of webadmin thay actually works?
Author

RE: PhpBB admin pannel vulnerability


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 30-10-06 06:35
..well, get to an phpBB panel and read!! Not to hard.