meanwhile I would like to clarify that the attack that we will explore not only works with forums fixati for cookies ..
Here are the procedures for becoming an administrator in a forum PHPBB v.1 and v.2 
(using Mozilla Firefox)
(using Mozilla Firefox) 1) Let's go on a search engine (type Goog1e http://www.Google.it) and try Powered By
Phpbb 1.0.12
2) Once we found the forum in the forum home page (eg www.forum.it / index.php)
3) At this point the board to clear all your cookies by going to Tools -> Options -> Privacy
-> Clear Cookies Now
4) Let's go to C: \\ Documents and Settings \\ User \\ Application Data \\ Mozilla \\ Firefox \\ folder * (after
Firefox will have a folder with letters and numbers placed at random, each user has its own name
folder)
5) Open the file and find the string cookie.txt phpbb2mysql_data followed by another string to this Tiip
% 3A0% 3A% 7B% 7D, we have to replace it with a% 3A2%
7BS% 3A% 3A11% 3A% 22autologinid% 22% 3BB% 3A1% 3Bs% 3A6% 3A% 22userid% 22%
3Bs% 3A1% 3A% 222% 22% 3B% 7D
6) Now save the file by File-> Save and close
7) Close all sessions of Mozilla Firefox
8) re-open Firefox and go back the page Forum
9) At this point we are administrators, we can go to the admin panel
forum if you like, so we can leave a message Page administrator advising him to upgrade the forum
0 comments:
Post a Comment