Evil Hackers

These arrived by email on Wednesday and Thursday, respectively:

Hey man. I am just learning bout exploits, injections and stuff. I am a
moderator in a site (hackits) and found out bout your exploit in the Burning
Board forum. The “‘X OR userid = ‘1″.
I’ve done this in the site where I am mod and saw that the only thing that
got to do was that the user X’ OR userid = ‘5012 had the avatar of the user
1. Nothing more (except of the fact that the forumcookiehash value was the
same between the 2 users). How is it that I can login (maybe change the
password????) with the user 1???
Please respond. I am not a scriptkiddy trying to find only known exploits, but
I am only in the beginning… :(

 

Hi,
I’m a web administrator for a WBB (2.3.3) board, and I’m trying to replicate the exploit shown below on a 2.2.1:

http://securitytracker.com/alerts/2005/Mar/1013351.html

For some reason it’s not working and I was wondering if you could help me out.
I modified my cookie as stated below:
wbb2_userid = 1 web.forum.wbb.example
Could you please help me? I’m trying to understand more about the board by exploiting it, if that makes sense.
Thanks!

By now there is apparently interest in the wBB security vulnerability that I disclosed in February, though without supplying a working exploit. Tsk, some people…
