Posts: 2468 Location: Brighton, UK Joined: 30.11.04 Rank: Uber Elite
Posted on 09-11-05 17:11
this person has a database backup.
except in this, it doesnt have any database details. all the possible hashes have been cracked with a 200mb dictionary. Sadly the admins hashes havnt been cracked + they dont use the same pass for everything.
so, this person is still stuck, on how to get the database details, and more importantly, how to upload a file.
RE: phpBB Group
Posts: Location: Joined: 01.01.70 Rank: Guest
Posted on 09-11-05 17:34
i think u should use export functions.. but i have never seen 2.0.11 admin panel... in 8 it does
Posts: 358 Location: USA Joined: 19.03.05 Rank: Moderate
Posted on 09-11-05 18:01
Mr_Cheese: well, i would recommend that this said person subscribe to bugtraq, vuln-dev and full disclosure. there were 2 recent exploits release for phpBB. the older one is an SQL injection that allows any user to become admin instantly. the other will let admins run commands on the server with the UID of the HTTPd (possibly Apache?).