Follow us on Twitter!
One mans freedom fighter, another's terrorist.
Saturday, April 19, 2014
Navigation
Home
HellBoundHackers Main:
HellBoundHackers Find:
HellBoundHackers Information:
Learn
Communicate
Submit
Shop
Challenges
HellBoundHackers Exploit:
HellBoundHackers Programming:
HellBoundHackers Think:
HellBoundHackers Track:
HellBoundHackers Patch:
HellBoundHackers Other:
HellBoundHackers Need Help?
Other
Members Online
Total Online: 24
Guests Online: 23
Members Online: 1

Registered Members: 82832
Newest Member: SerMSYS
Latest Articles
View Thread

HellBound Hackers | Computer General | Hacking in general

Author

phpBB UID Exploit and Exploits in general


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-05-05 17:17
I am trying to use phpBB UID Exploit http://www.securi. . .0UF5M.html, but have serious problems. Probably this is because my lack of knowledge of c programming. I am trying to find detailed instructions for couple of days.
How can I execute this script (I know it is nobish question)?
Where is cookies.txt (from Firefox) located??
Phpbb_exploit.exe in code is really strange to me, wtf is this file?
Tnx

Demn I need to learn c (or c++) programming!!
Author

RE: phpBB UID Exploit and Exploits in general

Mr_Cheese




Posts: 2468
Location: Brighton, UK
Joined: 30.11.04
Rank:
Uber Elite
Posted on 23-05-05 18:03
instead of compiling a exe, just put that information manually into your cookie. That will work too.


http://www.hellboundhackers.org/
Author

RE: phpBB UID Exploit and Exploits in general


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-05-05 18:53
Yeah like Mr_Cheese allready said you can do it yourself without the use of the program.
If you run on windows you have to look in your C hdd:
c -> Documents and Settings -> your username -> Application data -> Mozilla ->Firefox ->Profiles -> then there is a map with a random name, open that and in there you will find a cookies.txt file

Now after you logged into the board go to the cookies.txt file and then change whatever is behind the "phpbbmysql_data=" var into a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D (this logs you in as an admin on the board cause userid 2 is admin in most cases.

then you save the cookies.txt file and you revisit the site, if it's vurnable you are now logged in as admin.

This exploit works because of an error in the data parsing causing an exploit with boolean values. But if you don't log in as admin then they must have changed it manually.

Hope this helped you in a way Wink
//+ i am not responsible for what you do with this, pure educational of course Smile
// if you need any extra help just pm me





Edited by on 23-05-05 18:55
Author

RE: phpBB UID Exploit and Exploits in general


Member

Your avatar

Posts:
Location:
Joined: 01.01.70
Rank:
Guest
Posted on 23-05-05 20:05
Tnx I manage to change it by hand, but I still need to learn C Wink