A few days ago I found a few bugs in the latest phpBB code.
Long story short, I need a few servers to test 'a few cases' of a possible exploit.
If you have the latest phpBB installed, or you want to check whether it is
possible to build a working exploit, let me know via email.
Showing posts with label phpBB bug. Show all posts
Saturday, 30 March 2013
Saturday, 25 August 2012
[EN] phpBB 3.0.10 with 'stopped MySQL' funny one
Hi ;]
Check it out: when You ('for example') have some 'troubles'* with Your database,
then 'me as a pentester' can get some 'useful' information, when You also have phpBB installed. The idea is crazy but... it's just a talk, so ... ;)
Anyway, it looks like this:
... and we can do it like that:
Two (paranoid;)) scenarios:
- first: Your database (port) is DDoSed/maybe crashed by some 'time limit'/too-many-connections-from-webapp situations, and so on...
- second: the database is stopped in this or some other way.
...and now: "plus" 'all above', if You have installed (default) phpBB 3.0.10,
You can get this information: "this maybe is default installed 'all'-server-soft"...
:) So, like I said, this 'could be' valuable information for a tester, because now
he/she can 'hit' other "defaults", for example, with DirBuster, nmap, and so on.
How to repair that? Maybe a quick fix would be to remove the 'adding' line about
where the .sock file is?
Let me know what You think :)
Enjoy Your weekend!
o/
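One way to apply the quick fix suggested above, as an added example that is not phpBB's code and not from the original post: keep the driver's full error in the server log and show visitors only a generic message with a reference ID, with a redaction helper for cases where part of the driver text must still be displayed. The function names are hypothetical, and the sample error is constructed in the format of MySQL client error 2002.

```php
<?php
// Added example: hypothetical helpers, not part of phpBB.

/** Strip local socket paths from a driver error before it is displayed. */
function redact_db_error(string $driverError): string
{
    $patterns = [
        // MySQL client error 2002: "... through socket '/path/mysqld.sock' (2)"
        "~through socket '[^']*'~i" => "through socket '[redacted]'",
        // Any other absolute path that ends in .sock
        '~(?:/[\w.\-]+)+\.sock\b~'  => '[redacted]',
    ];
    return preg_replace(array_keys($patterns), array_values($patterns), $driverError);
}

/**
 * Log the full detail server-side and return the only text a visitor sees.
 * $log is any callable taking one string; it defaults to PHP's error_log().
 */
function report_db_failure(string $driverError, ?callable $log = null): string
{
    $ref = bin2hex(random_bytes(4)); // lets an admin find the matching log line
    ($log ?? 'error_log')("db-failure ref=$ref detail=$driverError");
    return "The board is temporarily unavailable (reference $ref).";
}

// Constructed sample: what the client library reports when mysqld is stopped.
$sample = "Can't connect to local MySQL server through socket "
        . "'/var/run/mysqld/mysqld.sock' (2)";

$logged = [];
$public = report_db_failure($sample, function (string $line) use (&$logged) {
    $logged[] = $line; // stand-in for a real log sink
});

echo $public, PHP_EOL;                  // generic text, no path
echo redact_db_error($sample), PHP_EOL; // driver text with the path removed
echo $logged[0], PHP_EOL;               // full detail stays on the server
```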
Tuesday, 31 July 2012
[EN] phpBB3 3.0.10 "Text-insertion bug"
Hi,
I found a weird bug in phpBB3 (3.0.10).
Once again, when I'm doing webapp pentests,
the vulnerable parameter is 'connected' with date (functions).
Here You have some source code from text added (permanently) to a phpBB board:
Example 1:
Example 2:
If You need more details about it, let me know via comments or e-mail.
Cheers! :)
Thursday, 26 July 2012
[EN] phpBB3 SQL Injection - updated (31.07)
Hello :)
After a little break and multiple tasks to do, a few minutes ago I found one surprise
in the latest phpBB3.
This is a 'so called' sql-information-leak via parameter manipulation (related to SQL).
I will not publish the full information today, because maybe some of You want to test Your installations first.
If so - let me know. Maybe I should help with a full webapp pentest.
* updated 10:11 *
- Found a second vulnerable parameter :)
* updated 28.07 *
- another two parameters are vulnerable
* updated 31.08 *
Detailed story once again at PacketStorm. Cheers ;) o/
