Tuesday, 31 July 2012

[EN] phpBB3 3.0.10 "Text-insertion bug"



Hi,

I found a weird bug in phpBB3 (3.0.10).

Once again, when I'm doing webapp pentests,
the vulnerable parameter is 'connected' with date (functions).

Here You have some source code from text added (permanently) to the phpBB board:

Example 1:



Example 2:


If You need more details about it, let me know via comments or e-mail.

Cheers! :)

Sunday, 29 July 2012

[EN] 2 codes for building payloads

Hi,

If You like playing with Burp or Paros, You will probably get the idea
of:

/*
 * ascii2html.c - simple payload coder
 * Reads stdin and prints every byte as a decimal HTML numeric
 * character reference (&#NN). The trailing newline typed at the
 * terminal is encoded as well.
 */

#include <stdio.h>

int main(void){
    int ch;    /* int, not char: getchar() returns EOF, which lies outside the char range */

    printf("what to say:\n");
    while((ch = getchar()) != EOF){   /* compare against EOF, not NULL (a pointer constant) */
        printf("&#%d", ch);
    }
    return 0;
}
and:

/*
 * ascii2url.c - simple payload coder(2)
 * Reads stdin and prints every byte percent-encoded (%XX).
 */

#include <stdio.h>

int main(void){
    int ch;    /* int, so that EOF can be distinguished from a valid byte */

    printf("what to say:\n");
    while((ch = getchar()) != EOF){
        /* %02x: always two hex digits, otherwise bytes below 0x10 produce an invalid "%a" */
        printf("%%%02x", ch);
    }
    return 0;
}
The idea is simple, so maybe it will help ;) Enjoy o/
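As an added example (not code from the original post), here is the reverse of the two coders above: a normaliser that turns `&#NN` (with or without the trailing `;` that the first coder omits) and `%XX` back into plain bytes, so that logged or proxied input can be inspected in decoded form. Malformed sequences are copied through unchanged; the sample input is constructed.

```c
#include <ctype.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Decode s into out (capacity outlen, always NUL-terminated).
 * Returns the number of bytes written. */
size_t decode_payload(const char *s, char *out, size_t outlen)
{
    size_t n = 0;
    while (*s && n + 1 < outlen) {
        if (s[0] == '&' && s[1] == '#' && isdigit((unsigned char)s[2])) {
            /* decimal numeric character reference, ';' optional */
            char *end;
            long v = strtol(s + 2, &end, 10);
            if (v >= 0 && v <= 255) {
                out[n++] = (char)v;
                s = (*end == ';') ? end + 1 : end;
                continue;
            }
        } else if (s[0] == '%' && isxdigit((unsigned char)s[1])
                                && isxdigit((unsigned char)s[2])) {
            /* percent-encoded byte, exactly two hex digits */
            char hex[3] = { s[1], s[2], '\0' };
            out[n++] = (char)strtol(hex, NULL, 16);
            s += 3;
            continue;
        }
        out[n++] = *s++;   /* plain byte or malformed sequence: copy through */
    }
    out[n] = '\0';
    return n;
}

int main(void)
{
    char buf[256];
    /* constructed sample: "<b>" in both encodings, then a malformed "%zz" */
    const char *sample = "&#60b&#62;%3c%62%3E%zz";
    decode_payload(sample, buf, sizeof buf);
    printf("%s\n", buf);   /* prints: <b><b>%zz */
    return 0;
}
```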

[EN] Hacking vBulletin 4.2.0 via Google... :)


Hi,

I saw that a few of You are watching me from some forums about, let's say,
'security'. ;)

That's how I found a simple trick to bypass 'authorized view only'
if You're using (last) vBulletin 4.2.0.

Ok, so. Example:
I found in the stats a few links like:
http://some-security;)-for.um/post-for-logged-in.bla

When I copy/paste this link into the address bar there will be an 'error':
"You are not logged in.", etc, etc...

But :)

...we can try one thing to check this 'logged-only' content/site :)

1. Copy/paste Your '4logged-only' link and search for it via google.com
2. Next, go to the 'copy' link.
3. Tadam! :D Content for logged-in users.

Enjoy ;)

o/

Thursday, 26 July 2012

[EN] phpBB3 SQL Injection - updated (31.07)

Hello :)

After a little break and multiple tasks to do, a few minutes ago I found a surprise
in the latest phpBB3.

This is a 'so-called' SQL information leak via parameter manipulation (related to SQL).

I will not publish full information today, because maybe some of You want to test Your installations first.

If so, let me know. Maybe I should help with a full webapp pentest.


* updated 10:11 *
- Found second vulnerable parameter :)

* updated 28.07 *
- another two parameters are vulnerable

* updated 31.08 *
- The detailed story is, once again, at PacketStorm.

Cheers ;) o/