phpBB UID Exploit and Exploits in general
I am trying to use phpBB UID Exploit http://www.securiteam.com/exploits/5KP0C0UF5M.html, but have serious problems. Probably this is because my lack of knowledge of c programming. I am trying to find detailed instructions for couple of days. How can I execute this script (I know it is nobish question)? Where is cookies.txt (from Firefox) located?? Phpbb_exploit.exe in code is really strange to me, wtf is this file? Tnx
Demn I need to learn c (or c++) programming!!
Yeah like Mr_Cheese allready said you can do it yourself without the use of the program. If you run on windows you have to look in your C hdd: c -> Documents and Settings -> your username -> Application data -> Mozilla ->Firefox ->Profiles -> then there is a map with a random name, open that and in there you will find a cookies.txt file
Now after you logged into the board go to the cookies.txt file and then change whatever is behind the "phpbbmysql_data=" var into a%3A2%3A%7Bs%3A11%3A%22autologinid%22%3Bb%3A1%3Bs%3A6%3A%22userid%22%3Bs%3A1%3A%222%22%3B%7D (this logs you in as an admin on the board cause userid 2 is admin in most cases.
then you save the cookies.txt file and you revisit the site, if it's vurnable you are now logged in as admin.
This exploit works because of an error in the data parsing causing an exploit with boolean values. But if you don't log in as admin then they must have changed it manually.
Hope this helped you in a way ;) //+ i am not responsible for what you do with this, pure educational of course :) // if you need any extra help just pm me