
PhpBB admin panel vulnerability


ghost

Let's assume I get access to the admin panel. Is it possible to upload a file to the server (or insert an exploit -> PHP code) in any part of the forum or admin panel? Hope I was clear enough. Thanks


Mr_Cheese

Write a PHP upload script, then upload webadmin.

Easy!


ghost

Well, when you log in as admin, go to the general admin -> configuration -> Allowed HTML tags and there, for instance, put in script or so, you know what to input ;) Then you can use those HTML tags in each forum post you make.

For the inputting of source maybe this way


ghost

I still have problems with it. There is no problem writing a PHP upload script, but how can I get it to work? In configuration I can write HTML code, but what about PHP? Or is there any other option to include my upload script (with HTML, JavaScript)?


Mr_Cheese

We are also having the same problems.

Anarchio-Hippie and I are using the [script language="php"] to get PHP onto a page. However, the forum doesn't seem to like PHP.

We are still working on a way round this, so if we find anything, we will post it.


ghost

I read your reply on the post I made, but I think I explained it wrong. The allow HTML commands box contains all the commands that are accepted so that you can post in a post in the forums, so by adding script to that line you can post script language in a post. So for instance make a cookie stealer etc.

Hope I explained it a little better now ;)

  • Make sure to put the HTML code on, also something you do in the configuration menu
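
The setting described in the post above, checked from the administrator's side. This is an added example, not part of the thread or of phpBB; the comma-separated value format, the baseline tag policy and the sample snapshots are assumptions constructed here.

```python
# Added example: audit a forum's "allowed HTML tags" setting for active content.
# Assumption: the setting is stored as a comma-separated list of tag names.

# Tags that can run script or load active content in a reader's browser.
ACTIVE_CONTENT = {"script", "iframe", "object", "embed", "applet", "svg",
                  "style", "link", "meta", "base", "form"}
# Plain text-formatting tags treated as the reviewed baseline (assumed policy).
BASELINE = {"b", "i", "u", "pre"}


def parse_tags(raw):
    """Normalise 'B, <Script> ,i' into ['b', 'script', 'i'] (deduplicated, ordered)."""
    seen, out = set(), []
    for part in raw.split(","):
        tag = part.strip().strip("<>/ ").lower()
        if tag and tag not in seen:
            seen.add(tag)
            out.append(tag)
    return out


def audit(html_enabled, raw_tags):
    """Return findings for one configuration snapshot."""
    tags = parse_tags(raw_tags)
    active = [t for t in tags if t in ACTIVE_CONTENT]
    unreviewed = [t for t in tags if t not in ACTIVE_CONTENT and t not in BASELINE]
    if active and html_enabled:
        severity = "high"      # posts can carry script to every reader
    elif active:
        severity = "medium"    # dormant until HTML in posts is switched on
    elif unreviewed:
        severity = "low"       # not known to be dangerous, but never reviewed
    else:
        severity = "ok"
    return {"severity": severity, "active": active, "unreviewed": unreviewed}


# Constructed snapshots: (label, HTML enabled?, allowed-tags value)
SNAPSHOTS = [
    ("default-like", False, "b,i,u,pre"),
    ("tampered", True, "b,i,u,pre, <SCRIPT>"),
    ("dormant", False, "b,iframe"),
    ("extended", True, "b,i,u,pre,blockquote"),
]

if __name__ == "__main__":
    for label, enabled, raw in SNAPSHOTS:
        print(label, audit(enabled, raw))
```

Run against periodic exports of the forum configuration, a change from "ok" to any other severity is a sign that someone with admin access has edited the tag list.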

ghost

I know there is no problem using this form for HTML or JavaScript. But I can't find any option to use PHP (or probably any server-side languages). So if I have access to the admin panel, there is still no option to get access to files on the server. If somebody finds the option it would be great.


ghost

I think you would have to use webadmin and then write it in yourself. Sort of like what you did with the team cheese site during webwars! ;)


ghost

Omni, there is no problem writing an upload script (or webadmin if you like it). The problem is to put it on the server, so you can use it.


ghost

Does anyone know where to find a version of webadmin that actually works?


ghost

..well, get to a phpBB panel and read!! Not too hard.